Calvin Montgomery 2018-08-18 13:14:37 -07:00
parent c5c4fba7ce
commit f19efdb859
3 changed files with 33 additions and 22 deletions


@ -2,7 +2,7 @@
"author": "Calvin Montgomery", "author": "Calvin Montgomery",
"name": "CyTube", "name": "CyTube",
"description": "Online media synchronizer and chat", "description": "Online media synchronizer and chat",
"version": "3.57.0", "version": "3.57.1",
"repository": { "repository": {
"url": "http://github.com/calzoneman/sync" "url": "http://github.com/calzoneman/sync"
}, },


@ -266,7 +266,14 @@ Callbacks = {
if(opts.externaljs.trim() != "" && !USEROPTS.ignore_channeljs && if(opts.externaljs.trim() != "" && !USEROPTS.ignore_channeljs &&
opts.externaljs !== CHANNEL.opts.externaljs) { opts.externaljs !== CHANNEL.opts.externaljs) {
checkScriptAccess(opts.externaljs, "external", function (pref) { var viewSource = document.createElement("a");
viewSource.className = "btn btn-danger";
viewSource.setAttribute("role", "button");
viewSource.setAttribute("target", "_blank");
viewSource.setAttribute("rel", "noopener noreferer");
viewSource.textContent = "View external script source";
viewSource.href = opts.externaljs;
checkScriptAccess(viewSource, "external", function (pref) {
if (pref === "ALLOW") { if (pref === "ALLOW") {
$.getScript(opts.externaljs); $.getScript(opts.externaljs);
} }
@ -304,19 +311,20 @@ Callbacks = {
$("#cs-jstext").val(data.js); $("#cs-jstext").val(data.js);
if(data.js && !USEROPTS.ignore_channeljs) { if(data.js && !USEROPTS.ignore_channeljs) {
var src = data.js var viewSource = document.createElement("button");
.replace(/&/g, "&") viewSource.className = "btn btn-danger";
.replace(/</g, "&lt;") viewSource.textContent = "View inline script source";
.replace(/>/g, "&gt;") viewSource.onclick = function () {
.replace(/\n/g, "<br>") var content = document.createElement("pre");
.replace(/\t/g, " ") content.textContent = data.js;
.replace(/ /g, "&nbsp;"); modalAlert({
src = encodeURIComponent(src); title: "Inline JS",
htmlContent: content.outerHTML,
dismissText: "Close"
});
};
var viewsource = "data:text/html, <body style='font: 9pt monospace;" + checkScriptAccess(viewSource, "embedded", function (pref) {
"max-width:60rem;margin:0 auto;padding:4rem;'>" +
src + "</body>";
checkScriptAccess(viewsource, "embedded", function (pref) {
if (pref === "ALLOW") { if (pref === "ALLOW") {
$("<script/>").attr("type", "text/javascript") $("<script/>").attr("type", "text/javascript")
.attr("id", "chanjs") .attr("id", "chanjs")
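Review bot: The `rel` value set on the external-script link, `"noopener noreferer"`, misspells its second token. The HTML link type is `noreferrer`, and browsers ignore unrecognised tokens, so the Referer header is still sent to the third-party host when the user opens the source; the line should read `viewSource.setAttribute("rel", "noopener noreferrer");`. In the same hunk, `viewSource.href = opts.externaljs;` assigns a channel-supplied value directly, and nothing visible here limits it to `http:` or `https:`. If that is not enforced where the option is saved, a scheme check before building the link would be worth adding. Both enclosing callbacks start and end outside the hunks shown.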


@ -2138,7 +2138,7 @@ function modalAlert(options) {
var footer = $("<div/>").addClass("modal-footer"); var footer = $("<div/>").addClass("modal-footer");
var okButton = $("<button/>").addClass("btn btn-primary") var okButton = $("<button/>").addClass("btn btn-primary")
.attr({ "data-dismiss": "modal"}) .attr({ "data-dismiss": "modal"})
.text("OK") .text(options.dismissText || "OK")
.appendTo(footer); .appendTo(footer);
footer.appendTo(modal.find(".modal-content")); footer.appendTo(modal.find(".modal-content"));
modal.appendTo(document.body); modal.appendTo(document.body);
@ -2783,7 +2783,7 @@ function initPm(user) {
return pm; return pm;
} }
function checkScriptAccess(source, type, cb) { function checkScriptAccess(viewSource, type, cb) {
var pref = JSPREF[CHANNEL.name.toLowerCase() + "_" + type]; var pref = JSPREF[CHANNEL.name.toLowerCase() + "_" + type];
if (pref === "ALLOW") { if (pref === "ALLOW") {
return cb("ALLOW"); return cb("ALLOW");
@ -2791,7 +2791,7 @@ function checkScriptAccess(source, type, cb) {
var div = $("#chanjs-allow-prompt"); var div = $("#chanjs-allow-prompt");
if (div.length > 0) { if (div.length > 0) {
setTimeout(function () { setTimeout(function () {
checkScriptAccess(source, type, cb); checkScriptAccess(viewSource, type, cb);
}, 500); }, 500);
return; return;
} }
@ -2805,11 +2805,14 @@ function checkScriptAccess(source, type, cb) {
.attr("id", "chanjs-allow-prompt") .attr("id", "chanjs-allow-prompt")
.attr("style", "text-align: center") .attr("style", "text-align: center")
.appendTo(div); .appendTo(div);
if (type === "embedded") {
form.append("<span>This channel has special features that require your permission to run.</span><br>"); form.append("<span>This channel has special features that require your permission to run.</span><br>");
$("<a/>").attr("href", source) } else {
.attr("target", "_blank") form.append("<span>This channel has special features that require your permission to run. This script is hosted on a third-party website and is not endorsed by the owners of the website hosting this channel.</span><br>");
.text(type === "embedded" ? "view embedded script" : source) }
.appendTo(form);
$(viewSource).appendTo(form);
form.append("<div id='chanjs-allow-prompt-buttons'>" + form.append("<div id='chanjs-allow-prompt-buttons'>" +
"<button id='chanjs-allow' class='btn btn-xs btn-danger'>Allow</button>" + "<button id='chanjs-allow' class='btn btn-xs btn-danger'>Allow</button>" +
"<button id='chanjs-deny' class='btn btn-xs btn-danger'>Deny</button>" + "<button id='chanjs-deny' class='btn btn-xs btn-danger'>Deny</button>" +
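Review bot: `checkScriptAccess` now expects its first argument to be a DOM element rather than a URL string, but nothing at the signature documents that. `$(viewSource).appendTo(form)` would hand a string straight to jQuery, which parses it as a selector or as HTML instead of rendering a link, so a caller that still passes a URL would either show nothing or inject markup into the consent prompt. A short comment above the function would pin the contract, e.g. `// viewSource: DOM element (link or button) shown in the prompt; must be an element, never a string`. The function body continues outside the hunks shown.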