From 0ad96e0966faf660cc3ba8a62736b3e370e2f44a Mon Sep 17 00:00:00 2001 From: yflory Date: Mon, 27 Jan 2020 12:18:25 +0100 Subject: [PATCH] Hide the crypto keys from the hash --- www/common/common-hash.js | 42 ++++++++- www/common/cryptpad-common.js | 40 ++++++--- www/common/onlyoffice/main.js | 10 +++ www/common/outer/async-store.js | 39 +++++++- www/common/outer/store-rpc.js | 1 + www/common/sframe-app-outer.js | 11 +++ www/common/sframe-common-outer.js | 143 ++++++++++++++++++++++++------ www/poll/main.js | 11 +++ 8 files changed, 251 insertions(+), 46 deletions(-) diff --git a/www/common/common-hash.js b/www/common/common-hash.js index 90ccf805c..b92aea475 100644 --- a/www/common/common-hash.js +++ b/www/common/common-hash.js @@ -60,6 +60,18 @@ var factory = function (Util, Crypto, Nacl) { return '/2/' + secret.type + '/view/' + Crypto.b64RemoveSlashes(data.viewKeyStr) + '/' + pass; } }; + Hash.getHiddenHashFromKeys = function (type, secret, opts) { + var mode = (secret.keys && secret.keys.editKeyStr) ? 'edit' : 'view'; + var pass = secret.password ? 'p/' : ''; + var hash = '/2/' + secret.type + '/' + mode + '/' + secret.channel + '/' + pass; + var href = '/' + type + '/#' + hash; + var parsed = Hash.parsePadUrl(href); + if (parsed.hashData && parsed.hashData.getHash) { + return parsed.hashData.getHash(opts || {}); + } + return hash; + }; + var getFileHashFromKeys = Hash.getFileHashFromKeys = function (secret) { var version = secret.version; var data = secret.keys; @@ -192,6 +204,13 @@ Version 1 if (opts.present) { hash += 'present/'; } return hash; }; + parsed.getOptions = function () { + return { + embed: parsed.embed, + present: parsed.present, + ownerKey: parsed.ownerKey + }; + }; return parsed; } if (hashArr[1] && hashArr[1] === '2') { // Version 2 
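Review bot: `Hash.getHiddenHashFromKeys` has no comment explaining what a "hidden" hash is or why it takes both `type` and `secret.type`, and it is the function the rest of this patch depends on. I would add something like `// Build a key-less hash (/2/<type>/<mode>/<channel>/): it names the channel only and can be resolved solely from a drive that already stores the pad`. The comment should also say that the mode is taken from the presence of `secret.keys.editKeyStr`, and that `secret.channel` is concatenated unchecked, so a secret without a channel yields a hash containing the text `undefined`.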
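Review bot: The `parsed.getOptions` body added here is repeated verbatim in the next two hunks (`-221,6 +240,13` and `-256,6 +282,13`), so a later change to the option set has to be made in three places. A single local helper taking the parsed object and returning `{ embed, present, ownerKey }`, assigned in each branch, would keep them in sync. It is also worth a comment that `ownerKey` travels in this object into `getUrl`/`getHash` when the rendered hash is rebuilt. Only the tail of `getHash` is visible here, so whether it ever serialises `ownerKey` back into the address bar should be confirmed.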
@@ -221,6 +240,13 @@ Version 1 if (opts.present) { hash += 'present/'; } return hash; }; + parsed.getOptions = function () { + return { + embed: parsed.embed, + present: parsed.present, + ownerKey: parsed.ownerKey + }; + }; return parsed; } return parsed; @@ -256,6 +282,13 @@ Version 1 if (opts.present) { hash += 'present/'; } return hash; }; + parsed.getOptions = function () { + return { + embed: parsed.embed, + present: parsed.present, + ownerKey: parsed.ownerKey + }; + }; return parsed; } return parsed; @@ -309,6 +342,10 @@ Version 1 url += '#' + hash; return url; }; + ret.getOptions = function () { + if (!ret.hashData || !ret.hashData.getOptions) { return {}; } + return ret.hashData.getOptions(); + }; if (!/^https*:\/\//.test(href)) { idx = href.indexOf('/#'); @@ -497,8 +534,9 @@ Version 1 if (typeof(parsed.hashData.version) === "undefined") { return; } // pads and files should have a base64 (or hex) key if (parsed.hashData.type === 'pad' || parsed.hashData.type === 'file') { - if (!parsed.hashData.key) { return; } - if (!/^[a-zA-Z0-9+-/=]+$/.test(parsed.hashData.key)) { return; } + if (!parsed.hashData.key && !parsed.hashData.channel) { return; } + if (parsed.hashData.key && !/^[a-zA-Z0-9+-/=]+$/.test(parsed.hashData.key)) { return; } + if (parsed.hashData.channel && !/^[a-f0-9]{32,34}$/.test(parsed.hashData.channel)) { return; } } } return true; diff --git a/www/common/cryptpad-common.js b/www/common/cryptpad-common.js index a0057c59a..0be93e14c 100644 --- a/www/common/cryptpad-common.js +++ b/www/common/cryptpad-common.js @@ -49,6 +49,12 @@ define([ account: {}, }; + // Store the href in memory + // This is a placeholder value overriden in common.ready from sframe-common-outer + var currentPad = { + href: window.location.href + }; + // COMMON common.getLanguage = function () { return Messages._languageUsed; 
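Review bot: In the `isValidHref` hunk the key pattern `/^[a-zA-Z0-9+-/=]+$/` is carried over unchanged, and inside the character class `+-/` is a range covering `+ , - . /`, so `,` and `.` are accepted as key characters. That looks unintended for a base64 check; escaping the dash makes the intent explicit: `/^[a-zA-Z0-9+\-\/=]+$/`. The new channel check `/^[a-f0-9]{32,34}$/` is strict by comparison, so the two validations would then be equally tight. The start of `isValidHref` is outside the hunk.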
@@ -374,7 +380,7 @@ define([ common.getMetadata = function (cb) { - var parsed = Hash.parsePadUrl(window.location.href); + var parsed = Hash.parsePadUrl(currentPad.href); postMessage("GET_METADATA", parsed && parsed.type, function (obj) { if (obj && obj.error) { return void cb(obj.error); } cb(null, obj); @@ -394,7 +400,7 @@ define([ common.setPadAttribute = function (attr, value, cb, href) { cb = cb || function () {}; - href = Hash.getRelativeHref(href || window.location.href); + href = Hash.getRelativeHref(href || currentPad.href); postMessage("SET_PAD_ATTRIBUTE", { href: href, attr: attr, @@ -405,7 +411,7 @@ define([ }); }; common.getPadAttribute = function (attr, cb, href) { - href = Hash.getRelativeHref(href || window.location.href); + href = Hash.getRelativeHref(href || currentPad.href); if (!href) { return void cb('E404'); } @@ -505,7 +511,7 @@ define([ }; common.saveAsTemplate = function (Cryptput, data, cb) { - var p = Hash.parsePadUrl(window.location.href); + var p = Hash.parsePadUrl(currentPad.href); if (!p.type) { return; } // PPP: password for the new template? var hash = Hash.createRandomHash(p.type); @@ -543,7 +549,7 @@ define([ var href = data.href; var parsed = Hash.parsePadUrl(href); - var parsed2 = Hash.parsePadUrl(window.location.href); + var parsed2 = Hash.parsePadUrl(currentPad.href); if(!parsed) { throw new Error("Cannot get template hash"); } postMessage("INCREMENT_TEMPLATE_USE", href); @@ -601,7 +607,7 @@ define([ var fileHost = Config.fileHost || window.location.origin; var data = common.fromFileData; var parsed = Hash.parsePadUrl(data.href); - var parsed2 = Hash.parsePadUrl(window.location.href); + var parsed2 = Hash.parsePadUrl(currentPad.href); var hash = parsed.hash; var name = data.title; var secret = Hash.getSecrets('file', hash, data.password); 
@@ -660,7 +666,7 @@ define([ // Forget button common.moveToTrash = function (cb, href) { - href = href || window.location.href; + href = href || currentPad.href; postMessage("MOVE_TO_TRASH", { href: href }, cb); }; @@ -668,7 +674,7 @@ define([ common.setPadTitle = function (data, cb) { if (!data || typeof (data) !== "object") { return cb ('Data is not an object'); } - var href = data.href || window.location.href; + var href = data.href || currentPad.href; var parsed = Hash.parsePadUrl(href); if (!parsed.hash) { return cb ('Invalid hash'); } data.href = parsed.getUrl({present: parsed.present}); @@ -698,7 +704,7 @@ define([ if (obj.error !== "EAUTH") { console.log("unable to set pad title"); } return void cb(obj.error); } - cb(); + cb(null, obj); }); }; @@ -755,6 +761,13 @@ define([ cb(void 0, data); }); }; + // Get data about a given channel: use with hidden hashes + common.getPadDataFromChannel = function (obj, cb) { + if (!obj || !obj.channel || !obj.edit) { return void cb('EINVAL'); } + postMessage("GET_PAD_DATA_FROM_CHANNEL", obj, function (data) { + cb(void 0, data); + }); + }; // Admin @@ -1608,7 +1621,7 @@ define([ hashes = Hash.getHashes(secret); return void cb(null, hashes); } - var parsed = Hash.parsePadUrl(window.location.href); + var parsed = Hash.parsePadUrl(currentPad.href); if (!parsed.type || !parsed.hashData) { return void cb('E_INVALID_HREF'); } hashes = Hash.getHashes(secret); @@ -1679,7 +1692,7 @@ define([ LocalStore.logout(); // redirect them to log in, and come back when they're done. - sessionStorage.redirectTo = window.location.href; + sessionStorage.redirectTo = currentPad.href; window.location.href = '/login/'; }; @@ -1780,6 +1793,11 @@ define([ return function (f, rdyCfg) { rdyCfg = rdyCfg || {}; + + if (rdyCfg.currentPad) { + currentPad = rdyCfg.currentPad; + } + if (initialized) { return void setTimeout(function () { f(void 0, env); }); } 
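Review bot: The guard in `common.getPadDataFromChannel` rejects every view-mode lookup, because `!obj.edit` is true whenever the caller passes `edit: false`. The caller in sframe-common-outer.js passes `edit: parsed.hashData.mode === 'edit'`, and `Store.getPadDataFromChannel` has an explicit `!edit && data.roHref` branch, so a view-mode hidden hash currently ends in `EINVAL` instead of being resolved. The check should only require the channel: `if (!obj || !obj.channel) { return void cb('EINVAL'); }`.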
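Review bot: The `rdyCfg.currentPad` assignment in `common.ready` replaces the module-level `currentPad` with the caller's object, and nothing documents that the two modules then share it by reference. sframe-common-outer.js later updates `currentPad.href` and `currentPad.hash` in place and relies on this module seeing those writes. A comment such as `// Shared by reference with sframe-common-outer: mutate its properties, never reassign it there` would protect that assumption. Note also that the assignment only happens on a call that passes `rdyCfg.currentPad`; until then the placeholder built from `window.location.href` is used, and that URL may already have had its hash stripped by the outer loader.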
diff --git a/www/common/onlyoffice/main.js b/www/common/onlyoffice/main.js index b3a896360..600901872 100644 --- a/www/common/onlyoffice/main.js +++ b/www/common/onlyoffice/main.js @@ -9,6 +9,7 @@ define([ var requireConfig = RequireConfig(); // Loaded in load #2 + var hash, href; nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { @@ -19,6 +20,13 @@ define([ }; window.rc = requireConfig; window.apiconf = ApiConfig; + + // Hidden hash + hash = window.location.hash; + href = window.location.href; + if (window.history && window.history.replaceState) { + window.history.replaceState({}, window.document.title, '#'); + } document.getElementById('sbox-iframe').setAttribute('src', ApiConfig.httpSafeOrigin + window.location.pathname + 'inner.html?' + requireConfig.urlArgs + '#' + encodeURIComponent(JSON.stringify(req))); @@ -144,6 +152,8 @@ define([ }); }; SFCommonO.start({ + hash: hash, + href: href, type: 'oo', useCreationScreen: true, addData: addData, diff --git a/www/common/outer/async-store.js b/www/common/outer/async-store.js index 681f1d575..4b2fda935 100644 --- a/www/common/outer/async-store.js +++ b/www/common/outer/async-store.js @@ -1016,8 +1016,12 @@ define([ if (title.trim() === "") { title = UserObject.getDefaultName(p); } - if (AppConfig.disableAnonymousStore && !store.loggedIn) { return void cb(); } - if (p.type === "debug") { return void cb(); } + if (AppConfig.disableAnonymousStore && !store.loggedIn) { + return void cb({ notStored: true }); + } + if (p.type === "debug") { + return void cb({ notStored: true }); + } var channelData = Store.channels && Store.channels[channel]; @@ -1108,7 +1112,7 @@ define([ postMessage(clientId, "AUTOSTORE_DISPLAY_POPUP", { autoStore: autoStore }); - return void cb(); + return void cb({ notStored: true }); } else { var roHref; if (h.mode === "view") { 
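Review bot: The "Hidden hash" block in onlyoffice/main.js replaces the address-bar hash with `#` at load, and nothing visible in this patch puts the full hash back when the pad ends up not stored (`notStored: true` from `setPadTitle`). In that case a reload, bookmark or copied URL would carry no keys at all; please confirm that another path restores it, or restore the saved `hash` when `notStored` is reported. When `window.history.replaceState` is missing, the keys silently stay in the URL, which deserves a comment. The same block is duplicated in sframe-app-outer.js and poll/main.js and could be one shared helper returning `{ hash, href }`.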
@@ -1187,7 +1191,9 @@ define([ }); cb(list); }; - // Get the first pad we can find in any of our managers and return its file data + + // Get the first pad we can find in any of our drives and return its file data + // NOTE: This is currently only used for template: this won't search inside shared folders Store.getPadData = function (clientId, id, cb) { var res = {}; getAllStores().some(function (s) { @@ -1199,6 +1205,31 @@ define([ cb(res); }; + Store.getPadDataFromChannel = function (clientId, obj, cb) { + var channel = obj.channel; + var edit = obj.edit; + var res; + var viewRes; + getAllStores().some(function (s) { + var chans = s.manager.findChannel(channel); + if (!Array.isArray(chans)) { return; } + return chans.some(function (pad) { + if (!pad || !pad.data) { return; } + var data = pad.data; + // We've found a match: return the value and stop the loops + if ((edit && data.href) || (!edit && data.roHref)) { + res = data; + return true; + } + // We've found a weaker match: store it for now + if (edit && !viewRes && data.roHref) { + viewRes = data; + } + }); + }); + // Call back with the best value we can get + cb(res || viewRes || {}); + }; // Messaging (manage friends from the userlist) Store.answerFriendRequest = function (clientId, obj, cb) { diff --git a/www/common/outer/store-rpc.js b/www/common/outer/store-rpc.js index 41963402b..41a3f7a0e 100644 --- a/www/common/outer/store-rpc.js +++ b/www/common/outer/store-rpc.js @@ -50,6 +50,7 @@ define([ GET_TEMPLATES: Store.getTemplates, GET_SECURE_FILES_LIST: Store.getSecureFilesList, GET_PAD_DATA: Store.getPadData, + GET_PAD_DATA_FROM_CHANNEL: Store.getPadDataFromChannel, GET_STRONGER_HASH: Store.getStrongerHash, INCREMENT_TEMPLATE_USE: Store.incrementTemplateUse, GET_SHARED_FOLDER: Store.getSharedFolder, diff --git a/www/common/sframe-app-outer.js b/www/common/sframe-app-outer.js index cc4d5fcb3..563430c42 100644 --- a/www/common/sframe-app-outer.js +++ b/www/common/sframe-app-outer.js 
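Review bot: `Store.getPadDataFromChannel` dereferences `obj.channel` without checking `obj`, and hands the value to `findChannel` without the format check that `isValidHref` applies (`/^[a-f0-9]{32,34}$/`). An early `if (!obj || typeof obj.channel !== 'string') { return void cb({ error: 'EINVAL' }); }` matches the `res.error` handling the caller already has. The function also needs a header comment stating that it returns the whole stored pad data, including the key-bearing `href`/`roHref`, and that for a view request the returned object may still contain the edit `href`.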
@@ -8,6 +8,7 @@ define([ ], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) { var requireConfig = RequireConfig(); + var hash, href; nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { @@ -18,6 +19,14 @@ define([ }; window.rc = requireConfig; window.apiconf = ApiConfig; + + // Hidden hash + hash = window.location.hash; + href = window.location.href; + if (window.history && window.history.replaceState) { + window.history.replaceState({}, window.document.title, '#'); + } + document.getElementById('sbox-iframe').setAttribute('src', ApiConfig.httpSafeOrigin + window.location.pathname + 'inner.html?' + requireConfig.urlArgs + '#' + encodeURIComponent(JSON.stringify(req))); @@ -36,6 +45,8 @@ define([ window.addEventListener('message', onMsg); }).nThen(function (/*waitFor*/) { SFCommonO.start({ + hash: hash, + href: href, useCreationScreen: true, messaging: true }); diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js index ca84bc637..538fb4019 100644 --- a/www/common/sframe-common-outer.js +++ b/www/common/sframe-common-outer.js @@ -30,6 +30,11 @@ define([ var password; var initialPathInDrive; + var currentPad = { + href: cfg.href || window.location.href, + hash: cfg.hash || window.location.hash + }; + nThen(function (waitFor) { // Load #2, the loading screen is up so grab whatever you need... require([ @@ -134,11 +139,12 @@ define([ }); } }), { - driveEvents: cfg.driveEvents + driveEvents: cfg.driveEvents, + currentPad: currentPad }); })); }).nThen(function (waitFor) { - if (!Utils.Hash.isValidHref(window.location.href)) { + if (!Utils.Hash.isValidHref(currentPad.href)) { waitFor.abort(); return void sframeChan.event('EV_LOADING_ERROR', 'INVALID_HASH'); } 
@@ -171,11 +177,12 @@ define([ }); })); } else { - var parsed = Utils.Hash.parsePadUrl(window.location.href); + var parsed = Utils.Hash.parsePadUrl(currentPad.href); var todo = function () { - secret = Utils.secret = Utils.Hash.getSecrets(parsed.type, void 0, password); + secret = Utils.secret = Utils.Hash.getSecrets(parsed.type, parsed.hash, password); Cryptpad.getShareHashes(secret, waitFor(function (err, h) { hashes = h; + /* XXX this won't happen again: we don't need to update the rendered hash if (password && !parsed.hashData.password) { var ohc = window.onhashchange; window.onhashchange = function () {}; @@ -183,6 +190,7 @@ define([ window.onhashchange = ohc; ohc({reset: true}); } + */ })); }; @@ -241,13 +249,13 @@ define([ if (parsed.type === "file") { // `isNewChannel` doesn't work for files (not a channel) // `getFileSize` is not adapted to channels because of metadata - Cryptpad.getFileSize(window.location.href, password, function (e, size) { + Cryptpad.getFileSize(currentPad.href, password, function (e, size) { next(e, size === 0); }); return; } // Not a file, so we can use `isNewChannel` - Cryptpad.isNewChannel(window.location.href, password, next); + Cryptpad.isNewChannel(currentPad.href, password, next); }); sframeChan.event("EV_PAD_PASSWORD", cfg); }; 
@@ -257,7 +265,60 @@ define([ var passwordCfg = { value: '' }; + + // Hidden hash: can't find the channel in our drives: abort + var noPadData = function (err) { + console.error(err); + // XXX Display error screen in inner + }; + // Hidden hash: can't find requestd edit URL in our drives: ask + var badPadData = function (cb) { + // If we requested edit but we only know view: ??? + setTimeout(function () { + cb(true); + }); // XXX ask in inner? + }; + + var newHref; nThen(function (w) { + if (!parsed.hashData.key && parsed.hashData.channel) { + Cryptpad.getPadDataFromChannel({ + channel: parsed.hashData.channel, + edit: parsed.hashData.mode === 'edit' + }, w(function (err, res) { + // Error while getting data? abort + if (err || !res || res.error) { + w.abort(); + return void noPadData(err || (!res ? 'EINVAL' : res.error)); + } + // No data found? abort + if (!Object.keys(res).length) { + w.abort(); + return void noPadData('NO_RESULT'); + } + // Data found but weaker? warn + if (parsed.hashData.mode === 'edit' && !res.href) { + return void badPadData(w(function (load) { + if (!load) { + w.abort(); + return; + } + newHref = res.roHref; + })); + } + // We have good data, keep the hash in memory + newHref = res.href; + })); + } + }).nThen(function (w) { + if (newHref) { + // Get the options (embed, present, etc.) of the hidden hash + // Use the same options in the full hash + var opts = parsed.getOptions(); + parsed = Utils.Hash.parsePadUrl(newHref); + currentPad.href = parsed.getUrl(opts); + currentPad.hash = parsed.hashData && parsed.hashData.getHash(opts); + } Cryptpad.getPadAttribute('title', w(function (err, data) { stored = (!err && typeof (data) === "string"); })); 
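Review bot: The final `newHref = res.href;` in the hidden-hash lookup ignores the requested mode. For a view-mode hash the store returns the stored data on a `roHref` match, so `res.href` is either the edit link (the pad then opens with edit keys) or undefined (the key-less href is then passed on to `getSecrets`). Selecting by mode fixes both: `newHref = parsed.hashData.mode === 'edit' ? res.href : res.roHref;`. Separately, `noPadData` only calls `console.error` after `w.abort()`, so the user presumably stays on the loading screen. The `EV_LOADING_ERROR` event already used for `INVALID_HASH` earlier in this file would surface the failure.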
@@ -273,7 +334,7 @@ define([ if (parsed.type === "file") { // `isNewChannel` doesn't work for files (not a channel) // `getFileSize` is not adapted to channels because of metadata - Cryptpad.getFileSize(window.location.href, password, w(function (e, size) { + Cryptpad.getFileSize(currentPad.href, password, w(function (e, size) { if (size !== 0) { return void todo(); } // Wrong password or deleted file? askPassword(true, passwordCfg); @@ -281,7 +342,7 @@ define([ return; } // Not a file, so we can use `isNewChannel` - Cryptpad.isNewChannel(window.location.href, password, w(function(e, isNew) { + Cryptpad.isNewChannel(currentPad.href, password, w(function(e, isNew) { if (!isNew) { return void todo(); } if (parsed.hashData.mode === 'view' && (password || !parsed.hashData.password)) { // Error, wrong password stored, the view seed has changed with the password @@ -305,10 +366,12 @@ define([ } }).nThen(function (waitFor) { // Check if the pad exists on server - if (!window.location.hash) { isNewFile = true; return; } + if (!currentPad.hash) { isNewFile = true; return; } if (realtime) { - Cryptpad.isNewChannel(window.location.href, password, waitFor(function (e, isNew) { + // TODO we probably don't need to check again for password-protected pads + // (we use isNewChannel to test the password...) + Cryptpad.isNewChannel(currentPad.href, password, waitFor(function (e, isNew) { if (e) { return console.error(e); } isNewFile = Boolean(isNew); })); @@ -322,7 +385,7 @@ define([ readOnly = false; } Utils.crypto = Utils.Crypto.createEncryptor(Utils.secret.keys); - var parsed = Utils.Hash.parsePadUrl(window.location.href); + var parsed = Utils.Hash.parsePadUrl(currentPad.href); var burnAfterReading = parsed && parsed.hashData && parsed.hashData.ownerKey; if (!parsed.type) { throw new Error(); } var defaultTitle = Utils.UserObject.getDefaultName(parsed); 
@@ -342,7 +405,7 @@ define([ notifications = metaObj.user.notifications; })); if (typeof(isTemplate) === "undefined") { - Cryptpad.isTemplate(window.location.href, waitFor(function (err, t) { + Cryptpad.isTemplate(currentPad.href, waitFor(function (err, t) { if (err) { console.log(err); } isTemplate = t; })); @@ -368,7 +431,7 @@ define([ upgradeURL: Cryptpad.upgradeURL }, isNewFile: isNewFile, - isDeleted: isNewFile && window.location.hash.length > 0, + isDeleted: isNewFile && currentPad.hash.length > 0, forceCreationScreen: forceCreationScreen, password: password, channel: secret.channel, @@ -487,7 +550,7 @@ define([ }); sframeChan.on('Q_SET_LOGIN_REDIRECT', function (data, cb) { - sessionStorage.redirectTo = window.location.href; + sessionStorage.redirectTo = currentPad.href; cb(); }); @@ -570,7 +633,16 @@ define([ channel: secret.channel, path: initialPathInDrive // Where to store the pad if we don't have it in our drive }; - Cryptpad.setPadTitle(data, function (err) { + Cryptpad.setPadTitle(data, function (err, obj) { + if (!err && !(obj && obj.notStored)) { + // Pad is stored: hide the hash + var opts = parsed.getOptions(); + var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts); + if (window.history && window.history.replaceState) { + if (!/^#/.test(hash)) { hash = '#' + hash; } + window.history.replaceState({}, window.document.title, hash); + } + } cb({error: err}); }); }); @@ -580,6 +652,9 @@ define([ }); sframeChan.on('EV_SET_HASH', function (hash) { + // In this case, we want to set the hash for the next page reload + // This hash is a category for the sidebar layout apps + // No need to store it in memory window.location.hash = hash; }); 
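Review bot: The `Q_SET_PAD_TITLE_IN_DRIVE` handler re-implements the hash-prefix and `replaceState` sequence that `replaceHash` in `startRealtime` already contains. Hoisting `replaceHash` to the enclosing scope and calling `replaceHash(Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts));` here would leave one place that writes to the address bar. A comment stating that this is the only point where the full hash is swapped for the hidden one, and only after the store confirmed the pad is saved, would help the next reader. The handler starts outside the hunk.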
@@ -801,15 +876,19 @@ define([ // Present mode URL sframeChan.on('Q_PRESENT_URL_GET_VALUE', function (data, cb) { - var parsed = Utils.Hash.parsePadUrl(window.location.href); + var parsed = Utils.Hash.parsePadUrl(currentPad.href); cb(parsed.hashData && parsed.hashData.present); }); sframeChan.on('EV_PRESENT_URL_SET_VALUE', function (data) { - var parsed = Utils.Hash.parsePadUrl(window.location.href); - window.location.href = parsed.getUrl({ - embed: parsed.hashData.embed, - present: data - }); + // Update the rendered hash and the full hash with the "present" settings + var opts = parsed.getOptions(); + opts.present = data; + // Full hash + currentPad.href = parsed.getUrl(opts); + if (parsed.hashData) { currentPad.hash = parsed.hashData.getHash(opts); } + // Rendered (maybe hidden) hash + var hiddenParsed = Utils.Hash.parsePadUrl(window.location.href); + window.location.href = hiddenParsed.getUrl(opts); }); @@ -1011,7 +1090,7 @@ define([ }); sframeChan.on('Q_BLOB_PASSWORD_CHANGE', function (data, cb) { - data.href = data.href || window.location.href; + data.href = data.href || currentPad.href; var onPending = function (cb) { sframeChan.query('Q_BLOB_PASSWORD_CHANGE_PENDING', null, function (err, obj) { if (obj && obj.cancel) { cb(); } @@ -1027,12 +1106,12 @@ define([ }); sframeChan.on('Q_OO_PASSWORD_CHANGE', function (data, cb) { - data.href = data.href || window.location.href; + data.href = data.href || currentPad.href; Cryptpad.changeOOPassword(data, cb); }); sframeChan.on('Q_PAD_PASSWORD_CHANGE', function (data, cb) { - data.href = data.href || window.location.href; + data.href = data.href || currentPad.href; Cryptpad.changePadPassword(Cryptget, Crypto, data, cb); }); 
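Review bot: `EV_PRESENT_URL_SET_VALUE` dropped its local `parsed` and now reads a `parsed` from the enclosing scope, declared outside this hunk, while the getter just above still re-parses `currentPad.href`. Re-parsing locally keeps the two handlers consistent and independent of when the outer variable was last refreshed: `var parsed = Utils.Hash.parsePadUrl(currentPad.href);`. The handler also assigns `hiddenParsed.getUrl(opts)` without checking that the rendered URL still has a hash. When the address bar holds only `#`, it is unclear from here what `getUrl` returns, so that case should be confirmed.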
@@ -1234,7 +1313,11 @@ define([ var startRealtime = function (rtConfig) { rtConfig = rtConfig || {}; rtStarted = true; + var replaceHash = function (hash) { + // XXX Always put the full hash here. + // The pad has just been created but is not stored yet. We'll switch + // to hidden hash once the pad is stored if (window.history && window.history.replaceState) { if (!/^#/.test(hash)) { hash = '#' + hash; } window.history.replaceState({}, window.document.title, hash); @@ -1250,7 +1333,7 @@ define([ Cryptpad.padRpc.onReadyEvent.reg(function () { Cryptpad.burnPad({ password: password, - href: window.location.href, + href: currentPad.href, channel: secret.channel, ownerKey: burnAfterReading }); @@ -1265,7 +1348,7 @@ define([ readOnly: readOnly, crypto: Crypto.createEncryptor(secret.keys), onConnect: function () { - if (window.location.hash && window.location.hash !== '#') { + if (currentPad.hash && currentPad.hash !== '#') { /*window.location = parsed.getUrl({ present: parsed.hashData.present, embed: parsed.hashData.embed @@ -1278,11 +1361,11 @@ define([ }; nThen(function (waitFor) { - if (isNewFile && cfg.owned && !window.location.hash) { + if (isNewFile && cfg.owned && !currentPad.hash) { Cryptpad.getMetadata(waitFor(function (err, m) { cpNfCfg.owners = [m.priv.edPublic]; })); - } else if (isNewFile && !cfg.useCreationScreen && window.location.hash) { + } else if (isNewFile && !cfg.useCreationScreen && currentPad.hash) { console.log("new file with hash in the address bar in an app without pcs and which requires owners"); sframeChan.onReady(function () { sframeChan.query("EV_LOADING_ERROR", "DELETED"); 
@@ -1309,11 +1392,13 @@ define([ var ohc = window.onhashchange; window.onhashchange = function () {}; window.location.hash = newHash; + currentPad.hash = newHash; + currentPad.href = '/' + parsed.type + '/#' + newHash; window.onhashchange = ohc; ohc({reset: true}); // Update metadata values and send new metadata inside - parsed = Utils.Hash.parsePadUrl(window.location.href); + parsed = Utils.Hash.parsePadUrl(currentPad.href); defaultTitle = Utils.UserObject.getDefaultName(parsed); hashes = Utils.Hash.getHashes(secret); readOnly = false; diff --git a/www/poll/main.js b/www/poll/main.js index 2f62d3323..f2747b055 100644 --- a/www/poll/main.js +++ b/www/poll/main.js @@ -9,6 +9,7 @@ define([ var requireConfig = RequireConfig(); // Loaded in load #2 + var hash, href; nThen(function (waitFor) { DomReady.onReady(waitFor()); }).nThen(function (waitFor) { @@ -19,6 +20,14 @@ define([ }; window.rc = requireConfig; window.apiconf = ApiConfig; + + // Hidden hash + hash = window.location.hash; + href = window.location.href; + if (window.history && window.history.replaceState) { + window.history.replaceState({}, window.document.title, '#'); + } + document.getElementById('sbox-iframe').setAttribute('src', ApiConfig.httpSafeOrigin + '/poll/inner.html?' + requireConfig.urlArgs + '#' + encodeURIComponent(JSON.stringify(req))); @@ -37,6 +46,8 @@ define([ window.addEventListener('message', onMsg); }).nThen(function (/*waitFor*/) { SFCommonO.start({ + hash: hash, + href: href, useCreationScreen: true, messaging: true });
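Review bot: The assignments `currentPad.hash = newHash;` and `currentPad.href = '/' + parsed.type + '/#' + newHash;` store a different shape than the initial values. `currentPad.hash` starts as `window.location.hash`, which includes the leading `#`, and `currentPad.href` starts as an absolute URL, whereas here the hash is presumably unprefixed and the href relative. Checks such as `currentPad.hash !== '#'` in `onConnect` and consumers like `sessionStorage.redirectTo = currentPad.href` then see either form depending on the path taken. Normalising at one place, or at least documenting the accepted forms where `currentPad` is declared, would avoid subtle mismatches.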