WebDialog.set_html fails under Safari 5.0.6
-
Ok.. now, both Safari and Chrome use Webkit.
IF (assumption) both implement security polices in a similar way (on Mac via a manifest plist file inside the bundle,) you might compare the settings pre and post Safari 5.0.6.
On Chrome the settings are in file "com.google.Chrome.manifest", so (hoping,) that for Safari, the file would be something like "com.apple.Safari.manifest".
I'm going by the Chrome policy list when I suggest looking for policy "DisabledSchemes", or "SafeBrowsingEnabled", "ImagesBlockedForUrls", "JavaScriptAllowedForUrls", etc. (see the list... or find the list explicitly for Safari.)
P.S. : I wonder if Mac Sketchup changes any of these Safari security policies when it installs, to enable correct use of WebDialogs, ... and by upgrading to a newer Safari version, the policy file is overwritten. (So a comparison of the Safari manifest file, both pre and post Sketchup install, may also be in order.)
-
@thomthom said:
TIG: The problem is that when you use
.set_html
you do not get access to local resources any more under OSX Safari 5.0.6+.have you got an example of
.set_html
that works on older Safari, I've been going through all my old bits and I can't find an example that ever worked, heres some variations of .set_url and .set_file that all (bar one) work under Safari 5.0.6, I'm not including the files, unless you want them, it's more about the syntax, which is slightly different from 5.0.3 if you use .set_file("file:///...) Safari adds an additional file:/ to the url and reports an errordlg1 = UI;;WebDialog.new("BoilerPlate1", true, "BP1", 200, 200, 110, 0, true); dlg1.set_url("file;///Library/Application%20Support/Google%20SketchUp%208/SketchUp/plugins/WD_BoilerPlate_cln/demo/tests.html") dlg1.set_background_color("#fff") dlg1.show_modal #works dlg2 = UI;;WebDialog.new("BoilerPlate2", true, "BP2", 200, 200, 310, 0, true); dlg2.set_file("/Volumes/Macintosh HD/Library/Application Support/Google SketchUp 8/SketchUp/plugins/WD_BoilerPlate_cln/demo/elements.html") dlg2.set_background_color("#fff") dlg2.show_modal #works, BUT an external ajax call for js fails, local backup js loads instead dlg3 = UI;;WebDialog.new("BoilerPlate3", true, "BP3", 200, 200, 510, 0, true); dlg3.set_file("/Library/Application Support/Google SketchUp 8/SketchUp/plugins/WD_BoilerPlate_cln/test/index.html") dlg3.set_background_color("pink") dlg3.show_modal #works dlg4 = UI;;WebDialog.new("BoilerPlate4", true, "BP4", 200, 200, 710, 0, true); dlg4.set_url("file;///volumes/Macintosh%20HD/Library/Application%20Support/Google%20SketchUp%208/SketchUp/plugins/WD_BoilerPlate_cln/test/index.html") dlg4.set_background_color("grey") dlg4.show_modal #works dlg5 = UI;;WebDialog.new("BoilerPlate5", true, "BP5", 200, 200, 910, 0, true); dlg5.set_url("file;//localhost/Library/Application%20Support/Google%20SketchUp%208/SketchUp/plugins/WD_BoilerPlate_cln/404.html") dlg5.set_background_color("#fff") dlg5.show_modal #works dlg6 = UI;;WebDialog.new("BoilerPlate6", true, "BP6", 200, 200, 1110, 0, true); dlg6.set_file("/Library/Application Support/Google SketchUp 8/SketchUp/plugins/_LaptopLearnig/Ch1/TextBook.pdf") dlg6.set_background_color("#fff") dlg6.show_modal #works dlg7 = UI;;WebDialog.new("BoilerPlate7", true, "BP7", 200, 200, 1310, 0, true); dlg7.set_url("file;///volumes/Macintosh%20HD/Library/Application%20Support/Google%20SketchUp%208/SketchUp/plugins/_LaptopLearnig/Ch1/TextBook.pdf") dlg7.set_background_color("#fff") dlg7.show_modal #works dlg8 = UI;;WebDialog.new("BoilerPlate8", true, "BP8", 200, 200, 1510, 0, true); dlg8.set_url("file;//localhost/Library/Application%20Support/Google%20SketchUp%208/SketchUp/plugins/_LaptopLearnig/Ch1/TextBook.pdf") dlg8.set_background_color("#fff") dlg8.show_modal #works dlg9 = UI;;WebDialog.new("BoilerPlate9", true, "BP9", 200, 200, 1710, 0, true); dlg9.set_url("http://localhost/Library/Application%20Support/Google%20SketchUp%208/SketchUp/plugins/_LaptopLearnig/Ch1/TextBook.pdf") dlg9.set_background_color("#fff") dlg9.show_modal # DOSEN'T work[it is a pdf afterall]... but do I get a Not Found message #The requested URL /Library/Application Support/Google SketchUp 8/SketchUp/plugins/_LaptopLearnig/Ch1/TextBook.pdf was not found on this server. dlg10 = UI;;WebDialog.new("aceSUedit", false,"ace", 900, 600, 50, 350, false); dlg10.set_url("http://upstairs.lan/cloud9/cloud9/support/ace/ModalWindow.html") dlg10.show_modal #works and is an extremely complex html with lots of dynamic content
I'll set these all up on Safari 5.0.3 tomorrow and see how they fair.
john -
@driven said:
... if you use .set_file("file:///...) Safari adds an additional file:/ to the url and reports an error...
I'm purty sure that it's the Sketchup API
UI::WebDialog
code that prepends allset_file()
arguments with "file://", happens on Windows as well.I tried
set_file("file://localhost/path/to/local/file.html")
and got that Sketchup error dialog (I believe it had the Sketchup icon in the upper left of the caption bar,) saying:
'%(#8000BF)[Could not find file: "file://file://localhost/path/to/local/file.html"]
'I would say that method should check to see if the substring is already there before prepending it.
-
Here's a bug report at Webkit Bugzilla on local file:// handling broken.
Webkit bug #10777
It was reported in 2006 !The 'reporter' also filed a bug at apple: #4809075
.. because he was unsure if it was Safari, or Webkit; but never got back to his original report and said what happened.
So the status remains: UNCONFIRMEDI tried to log into the apple bug reporter to check on #4809075, but got a login error.
-
@unknownuser said:
...if you use
.set_file("file:///...)
Safari adds an additional file:/ to the url and reports an error...
BUT surely that's not really an 'error' ? It's just a logical application of some rules.
The.set_file()
method is expecting a file path - like'C:/temp/myfile.txt'
.
The.set_url()
method is expecting a url like'http://www.forums.sketchucation.com'
OR'file:///C:/temp/myfile.txt'
if it's a local file path.
The.set_file()
method takes its argument and it prepends a hard-coded initial'file:///'
to make it into suitable 'url' friendly code, from the bald file path: this is just like what happens when you try to open a local file withUI.openURL()
, which requires that you have added the initial'file:///'
to any local file path etc.The
.set_**html**()
method is expecting a some 'html code as text' and this is a more serious issue, to this side one. -
@driven said:
have you got an example of .set_html that works on older Safari,
webdialog.set_html( 'Hello World<hr><img src="file:///Users/thomas/Desktop/helloworld.jpg" alt="image should be here"><hr>Bye World' )
Very crude example, invalid HTML, but it's the bare bones. The image would load in older Safari.@dan rathbun said:
P.S. : I wonder if Mac Sketchup changes any of these Safari security policies when it installs, to enable correct use of WebDialogs, ... and by upgrading to a newer Safari version, the policy file is overwritten. (So a comparison of the Safari manifest file, both pre and post Sketchup install, may also be in order.)
Never been a problem before... Something must have changed at 5.0.6.
-
.set_file
and.set_url
isn't really the problem here. They both work the same as pre-5.0.6 as far as I can tell..set_html
is the core of the problems. -
@thomthom said:
@dan rathbun said:
P.S. : I wonder if Mac Sketchup changes any of these Safari security policies when it installs, ...
Never been a problem before... Something must have changed at 5.0.6.
Meaning, you have upgraded Safari a number of times in the past, without causing adverse effects on Sketchup WebDialogs ??
-
And can someone check the Apple Bug site.. to see if anyone else has filed a local resource regression bug for 5.0.6 ??
-
Could this be the 'security update' that's messing it up?
@unknownuser said:WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
http://www.cvedetails.com/cve/CVE-2011-1774/ http://support.apple.com/kb/ht4808 -
Refering to my earlier post on Security Policies, I went thru the Apple Developer Library, and the Webkit.org docs, looking for a similar policy list to the Chrome list. Could not find anything. (Sheesh.. I hate that Apple website, so hard to find anything.)
Has anyone checked to see if Safari has a manifest file like Chrome, with policy settings ??
-
@dan rathbun said:
@thomthom said:
@dan rathbun said:
P.S. : I wonder if Mac Sketchup changes any of these Safari security policies when it installs, ...
Never been a problem before... Something must have changed at 5.0.6.
Meaning, you have upgraded Safari a number of times in the past, without causing adverse effects on Sketchup WebDialogs ??
Yes, at least not in terms of permissions. Updating Safari off course means updated render engine, like when you update IE. But never have I experienced blocking changes like this.
-
Summary
In order to link to local resources in webdialogs one has to use file:/// prefix.Problem arise under OSX with Safari 5.0.6 or higher: local resources are not allowed to be accessed any more. Images, CSS and JS will not load. External resources do work though.
What might be happening:
Under windows when you usewebdialog.set_html
,document.location
will report a file located in the user's temp folder.
Under OSX on the other hand,document.location
reportsabout:blank
. So it appear to be feeding the HTML to the webdialog differently from Windows.The current theory to why
.set_html
fails in 5.0.6 is that a security issue has been closed where about:blank pages where used to gain access to the local resources. Due to the design differences between Windows and OSX.set_html
now fails to load local resources.Workaround
Here is a quick bare bone wrapper class:
%(#BF0000)[Issue
Under OSX the garbage collector is not triggered upon SketchUp exit - so any webdialogs that's not been garbage collected will leave their temp files behiond. Looking into the matter...]<span class="syntaxdefault"><br /></span><span class="syntaxcomment"># Custom WebDialog wrapper that works around problems with WebDialog#set_html<br /># under OSX after Safari 5.0.6 is installed.<br />#<br /># Example is bare bone without any error checking. Expand as you find fit.<br /></span><span class="syntaxdefault">class WebDialogPatch </span><span class="syntaxkeyword"><</span><span class="syntaxdefault"> UI</span><span class="syntaxkeyword">;;</span><span class="syntaxdefault">WebDialog<br /><br /> </span><span class="syntaxcomment"># @note Safari 5.0.6 made .set_html unusable under OSX because any links to<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># resources ( Images, CSS, JS ) on the local computer failed to load.<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># Previously it would work when you spesified file;/// but now it is denied.<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment">#<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># @param [String] html_string<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># @return [Nil]<br /></span><span class="syntaxdefault"> def set_html</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> html_string </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># Clean up any old temp file.<br /></span><span class="syntaxdefault"> cleanup_temp_file</span><span class="syntaxkeyword">()<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># Finalizer is attached to the webdialog so when it gets garbage collected<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># temp file is erased.<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># <br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># The temp filename needs to be different from the last on in order for the<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># html to be loaded. If the name is the same the content is not refreshed.<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment">#<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># For both the temp directory and temp file handling with better error<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># handling it'd probably best to port `tmpdir.rb` and `tempfile.rb` from<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># the Standard Ruby Library.<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment">#<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># http://www.ruby-doc.org/stdlib-1.8.6/<br /></span><span class="syntaxdefault"> tempdir </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> File</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">expand_path</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> ENV</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'TMPDIR'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> ENV</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'TMP'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">||</span><span class="syntaxdefault"> ENV</span><span class="syntaxkeyword">[</span><span class="syntaxstring">'TEMP'</span><span class="syntaxkeyword">]</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> unique_seed </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">"#{self.object_id}#{Time.now.to_i}"</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">hash</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">abs<br /> filename </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> </span><span class="syntaxstring">"webdialog_#{unique_seed}.html"<br /></span><span class="syntaxdefault"> </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> File</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">join</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> tempdir</span><span class="syntaxkeyword">,</span><span class="syntaxdefault"> filename </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> cleanup_proc </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> self</span><span class="syntaxkeyword">.class.</span><span class="syntaxdefault">cleanup_temp_file</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">dup </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> ObjectSpace</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">define_finalizer</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> self</span><span class="syntaxkeyword">,</span><span class="syntaxdefault"> cleanup_proc </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># Write the HTML content out to the temp file.<br /></span><span class="syntaxdefault"> File</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">open</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile</span><span class="syntaxkeyword">,</span><span class="syntaxdefault"> </span><span class="syntaxstring">'w'</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">)</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">{</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">|</span><span class="syntaxdefault">file</span><span class="syntaxkeyword">|<br /></span><span class="syntaxdefault"> file</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">write</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> html_string </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> </span><span class="syntaxkeyword">}<br /></span><span class="syntaxdefault"> set_file_original</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> nil<br /> end<br /> <br /> </span><span class="syntaxcomment"># @tempfile is set to `nil` when using #set_file and #set_url so the temp file<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># will be deleted. Since the #set_html wrapper uses #set_file it must be<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># aliased<br /></span><span class="syntaxdefault"> unless private_method_defined</span><span class="syntaxkeyword">?(</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">;</span><span class="syntaxdefault">set_file_original </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># Prevent redefining in case of script reloading which cause infinite loop.<br /></span><span class="syntaxdefault"> alias </span><span class="syntaxkeyword">;</span><span class="syntaxdefault">set_file_original </span><span class="syntaxkeyword">;</span><span class="syntaxdefault">set_file<br /> private </span><span class="syntaxkeyword">;</span><span class="syntaxdefault">set_file_original<br /> end<br /> </span><span class="syntaxcomment"># @param [String] filename<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># @return [Nil]<br /></span><span class="syntaxdefault"> def set_file</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> filename </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> cleanup_temp_file</span><span class="syntaxkeyword">()<br /></span><span class="syntaxdefault"> set_file_original</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> filename </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> end<br /> <br /> </span><span class="syntaxcomment"># @param [String] url<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># @return [Nil]<br /></span><span class="syntaxdefault"> def set_url</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> url </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> cleanup_temp_file</span><span class="syntaxkeyword">()<br /></span><span class="syntaxdefault"> super<br /> end<br /> <br /> </span><span class="syntaxcomment"># @return [Nil]<br /></span><span class="syntaxdefault"> def cleanup_temp_file<br /> if </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile<br /> ObjectSpace</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">undefine_finalizer</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> File</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">delete</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile </span><span class="syntaxkeyword">)</span><span class="syntaxdefault"> if File</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">exist</span><span class="syntaxkeyword">?(</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> end<br /> </span><span class="syntaxkeyword">@</span><span class="syntaxdefault">tempfile </span><span class="syntaxkeyword">=</span><span class="syntaxdefault"> nil<br /> end<br /> private </span><span class="syntaxkeyword">;</span><span class="syntaxdefault">cleanup_temp_file<br /> <br /> </span><span class="syntaxcomment"># @private<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment">#<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># @see #set_html<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># @see http://www.mikeperham.com/2010/02/24/the-trouble-with-ruby-finalizers/<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment">#<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># @param [String] filename<br /></span><span class="syntaxdefault"> </span><span class="syntaxcomment"># @return [Proc]<br /></span><span class="syntaxdefault"> def self</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">cleanup_temp_file</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> filename </span><span class="syntaxkeyword">)<br /></span><span class="syntaxdefault"> proc </span><span class="syntaxkeyword">{</span><span class="syntaxdefault"> File</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">delete</span><span class="syntaxkeyword">(</span><span class="syntaxdefault"> filename </span><span class="syntaxkeyword">)</span><span class="syntaxdefault"> if File</span><span class="syntaxkeyword">.</span><span class="syntaxdefault">exist</span><span class="syntaxkeyword">?(</span><span class="syntaxdefault"> filename </span><span class="syntaxkeyword">)</span><span class="syntaxdefault"> </span><span class="syntaxkeyword">}<br /></span><span class="syntaxdefault"> end<br /> <br />end </span><span class="syntaxcomment"># class<br /></span><span class="syntaxdefault"> </span>
-
a couple observation while trying to get my head around all of this.
firstly, in Apples and probably Googles eyes the title of this thread should probably be 'WebDialog.set_html finally works as expected under Safari 5.0.6'. It does not appear to be not considered a 'bug', but a security enhancement.
It seems to have been implemented in Safari 4, to stop about:blank pages pirating local files and that some problem/oversite has allowed files:/// and other anonymous url's to work with about:blank pages in SU WebDialog and other WebView apps.
I have a number of html editors and they use temp files written to the relative folder, so if I try to edit index.html (for example) all the links, src's, url's, etc.. all remain relative and are considered safe. if I open the temp from a different folder I get load errors.
Although I know temp files can be anywhere (with corrected links) I think they should be in the originating plugins subfolder if they are unavoidable.
I also think bypassing 'about:blank' completely by having an actual html file that is then updated dynamically is also preferable.
but, since I'm not writing the rubies, time permitting, I'll test whatever you want to try.
john
-
I'm implementing a workaround where I manually use a temp file and .set_file into a patch I hope to release very soon.
It seems that at implementation level of .set_html differs from OSX and Windows. Where under Windows they create a temp file and feed that file to the web control. Where under OSX this is not the case, which is why we get about:blank and therefore get affected by strengthens security controls.
-
That's nice but it will depend on your Library ?
Has anyone logged this with Google ?? I'd think they'd wish to release patches if Safari 5.0.6 will break WebDialogs on all Mac versions.
-
@dan rathbun said:
That's nice but it will depend on your Library ?
Has anyone logged this with Google ?? I'd think they'd wish to release patches if Safari 5.0.6 will break WebDialogs on all Mac versions.
The only thing you need to implement is
TT::System.temp_path
which returns the temp directory. Other than that, the code snipped I posted is standalone. -
Fixed a small bug in the sample code.
-
Not personal.. but I'd prefer to rely on "tmpdir.rb" in the Standard Lib.
-
@dan rathbun said:
Not personal.. but I'd prefer to rely on "tmpdir.rb" in the Standard Lib.
Sure, it's just a bare bone example. In fact, it'd probably be best to use
tempfile.rb
to create the temp file as well.
Advertisement