From ebff3046026f7e7fe0d41de7e348b32daea71fef Mon Sep 17 00:00:00 2001 From: ansuz Date: Tue, 6 Dec 2016 15:16:43 +0100 Subject: [PATCH 1/3] turn off some unwanted behaviour --- www/poll/main.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/www/poll/main.js b/www/poll/main.js index 9fbf2cfde..7417ad10b 100644 --- a/www/poll/main.js +++ b/www/poll/main.js @@ -435,7 +435,7 @@ define([ var msg = Messages.poll_addUser; Cryptpad.prompt(msg, "", function (name) { - if (name === null) { return; } + if (!(name && name.trim())) { return; } makeUser(module.rt.proxy, id, name).val(name); makeUserEditable(id, true).focus(); }); @@ -782,14 +782,16 @@ define([ })); } +/* if (!readOnly && module.viewHash) { - /* add a 'links' button */ + /* add a 'links' button var $links = Cryptpad.createButton('readonly', true, {viewHash: module.viewHash}) .text(Messages.getViewButton) .removeAttr('style') .attr('class', 'action button readonly'); $toolbar.append($links); } +*/ /* Import/Export buttons */ /* From b79618c94a8be478fcffba79d7576bf77cae34f3 Mon Sep 17 00:00:00 2001 From: ansuz Date: Tue, 6 Dec 2016 16:00:38 +0100 Subject: [PATCH 2/3] don't allow listeners in /slide/ --- www/slide/slide.js | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/www/slide/slide.js b/www/slide/slide.js index b07c1b63d..cae81204f 100644 --- a/www/slide/slide.js +++ b/www/slide/slide.js @@ -45,7 +45,7 @@ define([ var unsafeTag = function (info) { if (['addAttribute', 'modifyAttribute'].indexOf(info.diff.action) !== -1) { if (/^on/.test(info.diff.name)) { - console.log("Rejecting forbidden element attribute with name", info.diff.element.nodeName); + console.log("Rejecting forbidden element attribute with name", info.diff.name); return true; } } @@ -91,12 +91,28 @@ define([ return patch; }; + var slice = function (coll) { + return Array.prototype.slice.call(coll); + }; + + /* remove listeners from the DOM */ + var removeListeners = function (root) { + slice(root.attributes).map(function (attr) { + if (/^on/.test(attr.name)) { + root.attributes.removeNamedItem(attr.name); + } + }); + // all the way down + slice(root.children).forEach(removeListeners); + }; + var draw = Slide.draw = function (i) { console.log("Trying to draw slide #%s", i); if (typeof(Slide.content[i]) !== 'string') { return; } var c = Slide.content[i]; var Dom = domFromHTML('
' + Marked(c) + '
'); + removeListeners(Dom.body); var patch = makeDiff(domFromHTML($content[0].outerHTML), Dom); if (typeof(patch) === 'string') { From 4cd9bd553461ac5e07c1eb7a13f8ee1322da1dee Mon Sep 17 00:00:00 2001 From: ansuz Date: Tue, 6 Dec 2016 16:21:11 +0100 Subject: [PATCH 3/3] strip listeners --- www/pad/main.js | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/www/pad/main.js b/www/pad/main.js index 0ad2778b8..457913cb5 100644 --- a/www/pad/main.js +++ b/www/pad/main.js @@ -35,8 +35,23 @@ define([ window.Toolbar = Toolbar; window.Hyperjson = Hyperjson; + var slice = function (coll) { + return Array.prototype.slice.call(coll); + }; + + var removeListeners = function (root) { + slice(root.attributes).map(function (attr) { + if (/^on/.test(attr.name)) { + root.attributes.removeNamedItem(attr.name); + } + }); + slice(root.children).forEach(removeListeners); + }; + var hjsonToDom = function (H) { - return Hyperjson.toDOM(H); //callOn(H, Hyperscript); + var dom = Hyperjson.toDOM(H); + removeListeners(dom); + return dom; }; var module = window.REALTIME_MODULE = window.APP = {