This commit is contained in:
Calvin Montgomery 2018-08-18 13:14:37 -07:00
parent c5c4fba7ce
commit f19efdb859
3 changed files with 33 additions and 22 deletions

View File

@ -2,7 +2,7 @@
"author": "Calvin Montgomery",
"name": "CyTube",
"description": "Online media synchronizer and chat",
"version": "3.57.0",
"version": "3.57.1",
"repository": {
"url": "http://github.com/calzoneman/sync"
},

View File

@ -266,7 +266,14 @@ Callbacks = {
if(opts.externaljs.trim() != "" && !USEROPTS.ignore_channeljs &&
opts.externaljs !== CHANNEL.opts.externaljs) {
checkScriptAccess(opts.externaljs, "external", function (pref) {
var viewSource = document.createElement("a");
viewSource.className = "btn btn-danger";
viewSource.setAttribute("role", "button");
viewSource.setAttribute("target", "_blank");
viewSource.setAttribute("rel", "noopener noreferer");
viewSource.textContent = "View external script source";
viewSource.href = opts.externaljs;
checkScriptAccess(viewSource, "external", function (pref) {
if (pref === "ALLOW") {
$.getScript(opts.externaljs);
}
@ -304,19 +311,20 @@ Callbacks = {
$("#cs-jstext").val(data.js);
if(data.js && !USEROPTS.ignore_channeljs) {
var src = data.js
.replace(/&/g, "&")
.replace(/</g, "&lt;")
.replace(/>/g, "&gt;")
.replace(/\n/g, "<br>")
.replace(/\t/g, " ")
.replace(/ /g, "&nbsp;");
src = encodeURIComponent(src);
var viewSource = document.createElement("button");
viewSource.className = "btn btn-danger";
viewSource.textContent = "View inline script source";
viewSource.onclick = function () {
var content = document.createElement("pre");
content.textContent = data.js;
modalAlert({
title: "Inline JS",
htmlContent: content.outerHTML,
dismissText: "Close"
});
};
var viewsource = "data:text/html, <body style='font: 9pt monospace;" +
"max-width:60rem;margin:0 auto;padding:4rem;'>" +
src + "</body>";
checkScriptAccess(viewsource, "embedded", function (pref) {
checkScriptAccess(viewSource, "embedded", function (pref) {
if (pref === "ALLOW") {
$("<script/>").attr("type", "text/javascript")
.attr("id", "chanjs")

View File

@ -2138,7 +2138,7 @@ function modalAlert(options) {
var footer = $("<div/>").addClass("modal-footer");
var okButton = $("<button/>").addClass("btn btn-primary")
.attr({ "data-dismiss": "modal"})
.text("OK")
.text(options.dismissText || "OK")
.appendTo(footer);
footer.appendTo(modal.find(".modal-content"));
modal.appendTo(document.body);
@ -2783,7 +2783,7 @@ function initPm(user) {
return pm;
}
function checkScriptAccess(source, type, cb) {
function checkScriptAccess(viewSource, type, cb) {
var pref = JSPREF[CHANNEL.name.toLowerCase() + "_" + type];
if (pref === "ALLOW") {
return cb("ALLOW");
@ -2791,7 +2791,7 @@ function checkScriptAccess(source, type, cb) {
var div = $("#chanjs-allow-prompt");
if (div.length > 0) {
setTimeout(function () {
checkScriptAccess(source, type, cb);
checkScriptAccess(viewSource, type, cb);
}, 500);
return;
}
@ -2805,11 +2805,14 @@ function checkScriptAccess(source, type, cb) {
.attr("id", "chanjs-allow-prompt")
.attr("style", "text-align: center")
.appendTo(div);
if (type === "embedded") {
form.append("<span>This channel has special features that require your permission to run.</span><br>");
$("<a/>").attr("href", source)
.attr("target", "_blank")
.text(type === "embedded" ? "view embedded script" : source)
.appendTo(form);
} else {
form.append("<span>This channel has special features that require your permission to run. This script is hosted on a third-party website and is not endorsed by the owners of the website hosting this channel.</span><br>");
}
$(viewSource).appendTo(form);
form.append("<div id='chanjs-allow-prompt-buttons'>" +
"<button id='chanjs-allow' class='btn btn-xs btn-danger'>Allow</button>" +
"<button id='chanjs-deny' class='btn btn-xs btn-danger'>Deny</button>" +