use safe links by default

pull/1/head
ansuz 5 years ago
parent 4454740f5b
commit 259b3bca65

@ -1097,7 +1097,7 @@ define([
var priv = metadataMgr.getPrivateData(); var priv = metadataMgr.getPrivateData();
var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']); var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
if (useUnsafe !== false) { // true of undefined: use unsafe links if (useUnsafe === true) {
return void window.open(APP.origin + href); return void window.open(APP.origin + href);
} }
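Review bot: The new check `if (useUnsafe === true) {` drops the old inline comment and leaves nothing at the call site saying that `undefined` now means safe links. The setting is tri-state (the migration in this commit documents `undefined`, `false` and `true`), so a short comment such as `// only an explicit true opts out of safe links; undefined and false both mean safe` would keep the default obvious. The same test is repeated as `useUnsafe !== true` in the hunks at -874, -823 and -861, so the comment (or a small shared helper) would apply there as well. The enclosing function starts and ends outside this hunk.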

@ -874,7 +874,7 @@ define([
// Use hidden hash if needed (we're an owner of this pad so we know it is stored) // Use hidden hash if needed (we're an owner of this pad so we know it is stored)
var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']); var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
var href = (priv.readOnly && data.roHref) ? data.roHref : data.href; var href = (priv.readOnly && data.roHref) ? data.roHref : data.href;
if (useUnsafe === false) { if (useUnsafe !== true) {
var newParsed = Hash.parsePadUrl(href); var newParsed = Hash.parsePadUrl(href);
var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass); var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass);
var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {}); var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {});

@ -7,9 +7,10 @@ define([
'/common/cryptget.js', '/common/cryptget.js',
'/common/outer/mailbox.js', '/common/outer/mailbox.js',
'/customize/messages.js', '/customize/messages.js',
'/common/common-realtime.js',
'/bower_components/nthen/index.js', '/bower_components/nthen/index.js',
'/bower_components/chainpad-crypto/crypto.js', '/bower_components/chainpad-crypto/crypto.js',
], function (AppConfig, Feedback, Hash, Util, Messaging, Crypt, Mailbox, Messages, nThen, Crypto) { ], function (AppConfig, Feedback, Hash, Util, Messaging, Crypt, Mailbox, Messages, Realtime, nThen, Crypto) {
// Start migration check // Start migration check
// Versions: // Versions:
// 1: migrate pad attributes // 1: migrate pad attributes
@ -456,6 +457,37 @@ define([
if (version < 10) { if (version < 10) {
fixTodo(); fixTodo();
} }
}).nThen(function (waitFor) {
if (version >= 11) { return; }
// Migration 11: alert users of safe links as the new default
var done = function () {
Feedback.send('Migrate-11', true);
userObject.version = version = 11;
};
/* userObject.settings.security.unsafeLinks
undefined => the user has never touched it
false => the user has explicitly enabled "safe links"
true => the user has explicitly disabled "safe links"
*/
var unsafeLinks = Util.find(userObject, [ 'settings', 'security', 'unsafeLinks' ]);
if (unsafeLinks !== undefined) { return void done(); }
var ctx = {
store: store,
};
var myData = Messaging.createData(userObject);
Mailbox.sendTo(ctx, 'SAFE_LINKS_DEFAULT', {
user: myData,
}, {
channel: myData.notifications,
curvePublic: myData.curvePublic
}, waitFor(function (obj) {
if (obj && obj.error) { return void console.error(obj); }
done();
}));
/*}).nThen(function (waitFor) { /*}).nThen(function (waitFor) {
// Test progress bar in the loading screen // Test progress bar in the loading screen
var i = 0; var i = 0;
@ -467,7 +499,7 @@ define([
}, 500); }, 500);
progress(0, 0);*/ progress(0, 0);*/
}).nThen(function () { }).nThen(function () {
setTimeout(cb); Realtime.whenRealtimeSyncs(store.realtime, Util.bake(cb));
}); });
}; };
}); });
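Review bot: In the Migration 11 callback, `if (obj && obj.error) { return void console.error(obj); }` returns without calling `done()`, so `userObject.version` stays below 11 and, presumably, the migration runs again on the next load. Those users have already been switched to safe links by the other hunks of this commit, so a failed send means the default changes without the alert reaching them. If the retry is intended, document it with `// leave version < 11 so the alert is retried on the next load`; if not, call `done()` in the error branch too.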

@ -387,6 +387,21 @@ define([
} }
}; };
handlers['SAFE_LINKS_DEFAULT'] = function (common, data) {
Messages.settings_safeLinkDefault = "SAFE LINKS ARE NOW DEFAULT"; // XXX
var content = data.content;
content.getFormatText = function () {
return Messages.settings_safeLinkDefault;
};
content.handler = function () {
common.openURL('/settings/#security');
};
if (!content.archived) {
content.dismissHandler = defaultDismiss(common, data);
}
};
// NOTE: don't forget to fixHTML everything returned by "getFormatText" // NOTE: don't forget to fixHTML everything returned by "getFormatText"
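Review bot: `Messages.settings_safeLinkDefault = "SAFE LINKS ARE NOW DEFAULT"; // XXX` is assigned inside the handler, so it overwrites whatever the translation file provides every time the notification is rendered; the placeholder should move to the messages file before release. `getFormatText` returns a constant here, so nothing needs escaping today. The payload sent by the migration carries `user: myData`, though, and the NOTE directly below the handler applies as soon as any of that data is interpolated into the text: it must go through `fixHTML` first.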

@ -515,6 +515,12 @@ define([
cb(); cb();
}; };
handlers["SAFE_LINKS_DEFAULT"] = function (ctx, box, data, cb) { // XXX
var curve = ctx.store.proxy.curvePublic;
if (data.msg.author !== curve) { return void cb(true); }
cb();
};
// Hide duplicates when receiving a SHARE_PAD notification: // Hide duplicates when receiving a SHARE_PAD notification:
// Keep only one notification per channel: the stronger and more recent one // Keep only one notification per channel: the stronger and more recent one
var comments = {}; var comments = {};
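Review bot: The author check in `handlers["SAFE_LINKS_DEFAULT"]` is the only visible guard against another user placing this notification in someone's mailbox, and it is marked only with `// XXX`. Replace the marker with a comment that states the intent, for example `// sent by our own migration: drop it unless we are the author`. What `cb(true)` does is not visible in this hunk; if it means "discard the message", say so in the same comment.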

@ -823,7 +823,7 @@ define([
var opts = parsed.getOptions(); var opts = parsed.getOptions();
var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts); var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']); var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']);
if (useUnsafe === false && window.history && window.history.replaceState) { if (useUnsafe !== true && window.history && window.history.replaceState) {
if (!/^#/.test(hash)) { hash = '#' + hash; } if (!/^#/.test(hash)) { hash = '#' + hash; }
window.history.replaceState({}, window.document.title, hash); window.history.replaceState({}, window.document.title, hash);
} }
@ -854,6 +854,7 @@ define([
path: initialPathInDrive, // Where to store the pad if we don't have it in our drive path: initialPathInDrive, // Where to store the pad if we don't have it in our drive
forceSave: true forceSave: true
}; };
// XXX copypaste from above...
Cryptpad.setPadTitle(data, function (err) { Cryptpad.setPadTitle(data, function (err) {
if (!err && !(obj && obj.notStored)) { if (!err && !(obj && obj.notStored)) {
// No error and the pad was correctly stored // No error and the pad was correctly stored
@ -861,7 +862,7 @@ define([
var opts = parsed.getOptions(); var opts = parsed.getOptions();
var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts); var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']); var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']);
if (useUnsafe === false && window.history && window.history.replaceState) { if (useUnsafe !== true && window.history && window.history.replaceState) {
if (!/^#/.test(hash)) { hash = '#' + hash; } if (!/^#/.test(hash)) { hash = '#' + hash; }
window.history.replaceState({}, window.document.title, hash); window.history.replaceState({}, window.document.title, hash);
} }
