restrict activities performed in a nested context

pull/1/head
ansuz 3 years ago
parent e1abf4ef77
commit 26fcda633e

@ -523,6 +523,16 @@ define([
UI.openCustomModal(modal);
};
Messages.ui_openDirectly = "This functionality is not available when CryptPad is embedded in another site. Open this pad in its own window?";// XXX
UIElements.openDirectlyConfirmation = function (common, cb) {
cb = cb || Util.noop;
UI.confirm(h('p', Messages.ui_openDirectly), yes => {
if (!yes) { return void cb(yes); }
common.openDirectly();
cb(yes);
});
};
UIElements.createButton = function (common, type, rightside, data, callback) {
var AppConfig = common.getAppConfig();
var button;

@ -734,6 +734,10 @@ define([
var createFilePicker = function () {
if (!common.isLoggedIn()) { return; }
$embedButton = common.createButton('mediatag', true).click(function () {
if (!cpNfInner.metadataMgr.getPrivateData().isTop) {
return void UIElements.openDirectlyConfirmation(common);
}
var cfg = {
types: ['file', 'link'],
where: ['root']

@ -641,6 +641,7 @@ define([
prefersDriveRedirect: Utils.LocalStore.getDriveRedirectPreference(),
isPresent: parsed.hashData && parsed.hashData.present,
isEmbed: parsed.hashData && parsed.hashData.embed,
isTop: window.top === window,
canEdit: hashes && hashes.editHash,
oldVersionHash: parsed.hashData && parsed.hashData.version < 2, // password
isHistoryVersion: parsed.hashData && parsed.hashData.versionHash,
@ -838,14 +839,19 @@ define([
}
});
sframeChan.on('EV_OPEN_URL', function (url) {
if (url) {
var a = window.open(url);
if (!a) {
sframeChan.event('EV_POPUP_BLOCKED');
}
var openURL = function (url) {
if (!url) { return; }
var a = window.open(url);
if (!a) {
sframeChan.event('EV_POPUP_BLOCKED');
}
};
sframeChan.on('EV_OPEN_URL_DIRECTLY', function () {
var url = currentPad.href;
openURL(url);
});
sframeChan.on('EV_OPEN_URL', openURL);
sframeChan.on('EV_OPEN_UNSAFE_URL', function (url) {
if (url) {

@ -662,6 +662,9 @@ define([
});
};
funcs.openDirectly = function () {
ctx.sframeChan.event('EV_OPEN_URL_DIRECTLY');
};
funcs.gotoURL = function (url) { ctx.sframeChan.event('EV_GOTO_URL', url); };
funcs.openURL = function (url) { ctx.sframeChan.event('EV_OPEN_URL', url); };
funcs.getBounceURL = function (url) {

@ -582,6 +582,9 @@ MessengerUI, Messages, Pages) {
hidden: true
});
$shareBlock.click(function () {
if (!config.metadataMgr.getPrivateData().isTop) {
return void UIElements.openDirectlyConfirmation(Common);
}
if (toolbar.isDeleted) {
return void UI.warn(Messages.deletedFromServer);
}
@ -609,7 +612,10 @@ MessengerUI, Messages, Pages) {
h('i.fa.fa-unlock-alt'),
h('span.cp-button-name', Messages.accessButton)
]));
$accessBlock.click(function () {
$accessBlock.click(function () {
if (!config.metadataMgr.getPrivateData().isTop) {
return void UIElements.openDirectlyConfirmation(Common);
}
if (toolbar.isDeleted) {
return void UI.warn(Messages.deletedFromServer);
}

Loading…
Cancel
Save