From 26fcda633e12dc0d74d69a14a92673a21d00836d Mon Sep 17 00:00:00 2001
From: ansuz
Date: Tue, 15 Mar 2022 12:00:41 +0530
Subject: [PATCH] restrict activities performed in a nested context
---
 www/common/common-ui-elements.js | 10 ++++++++++
 www/common/sframe-app-framework.js | 4 ++++
 www/common/sframe-common-outer.js | 18 ++++++++++++------
 www/common/sframe-common.js | 3 +++
 www/common/toolbar.js | 8 +++++++-
 5 files changed, 36 insertions(+), 7 deletions(-)
diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js
index 01e19f0ef..154fd1d6e 100644
--- a/www/common/common-ui-elements.js
+++ b/www/common/common-ui-elements.js
@@ -523,6 +523,16 @@ define([
 UI.openCustomModal(modal);
 };
+ Messages.ui_openDirectly = "This functionality is not available when CryptPad is embedded in another site. Open this pad in its own window?";// XXX
+ UIElements.openDirectlyConfirmation = function (common, cb) {
+ cb = cb || Util.noop;
+ UI.confirm(h('p', Messages.ui_openDirectly), yes => {
+ if (!yes) { return void cb(yes); }
+ common.openDirectly();
+ cb(yes);
+ });
+ };
+
 UIElements.createButton = function (common, type, rightside, data, callback) {
 var AppConfig = common.getAppConfig();
 var button;
diff --git a/www/common/sframe-app-framework.js b/www/common/sframe-app-framework.js
index e0962daf7..04821ce15 100644
--- a/www/common/sframe-app-framework.js
+++ b/www/common/sframe-app-framework.js
@@ -734,6 +734,10 @@ define([
 var createFilePicker = function () {
 if (!common.isLoggedIn()) { return; }
 $embedButton = common.createButton('mediatag', true).click(function () {
+ if (!cpNfInner.metadataMgr.getPrivateData().isTop) {
+ return void UIElements.openDirectlyConfirmation(common);
+ }
+
 var cfg = {
 types: ['file', 'link'],
 where: ['root']
diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js
index 91d11c20d..1dd30afa1 100644
--- a/www/common/sframe-common-outer.js
+++ b/www/common/sframe-common-outer.js
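Review bot: `Messages.ui_openDirectly` is assigned a hard-coded English string at module load and is still tagged `// XXX`, so this prompt presumably bypasses whatever translation mechanism fills the rest of `Messages`; the key should move into the translation files before release. `UIElements.openDirectlyConfirmation` also has no comment; I would add `// Ask the user to reopen this pad in its own window; cb receives the user's answer.` above it. Note that `cb(yes)` runs right after `common.openDirectly()` returns, and judging from the sframe-common.js hunk that call only emits an event, so a `true` answer does not mean a window actually opened.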
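Review bot: The `isTop` guard added to the `mediatag` click handler is repeated verbatim in the two `toolbar.js` click handlers (`$shareBlock` and `$accessBlock`), so a future entry point can easily be added without it. A single helper that performs the check and shows the confirmation (for example `if (UIElements.requireTopWindow(common)) { return; }`, name is only a suggestion) would keep the rule in one place. The guard only blocks the feature in the inner frame's click handlers; if the outer-frame handlers behind the file picker, share and access modals are also meant to be unreachable when embedded, they would need their own `isTop` check, which this patch does not show. `UIElements` has to be in this file's `define([` dependency list, which is outside the hunk, so please confirm it is.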
@@ -641,6 +641,7 @@ define([
 prefersDriveRedirect: Utils.LocalStore.getDriveRedirectPreference(),
 isPresent: parsed.hashData && parsed.hashData.present,
 isEmbed: parsed.hashData && parsed.hashData.embed,
+ isTop: window.top === window,
 canEdit: hashes && hashes.editHash,
 oldVersionHash: parsed.hashData && parsed.hashData.version < 2, // password
 isHistoryVersion: parsed.hashData && parsed.hashData.versionHash,
@@ -838,14 +839,19 @@ define([
 }
 });
- sframeChan.on('EV_OPEN_URL', function (url) {
- if (url) {
- var a = window.open(url);
- if (!a) {
- sframeChan.event('EV_POPUP_BLOCKED');
- }
+ var openURL = function (url) {
+ if (!url) { return; }
+ var a = window.open(url);
+ if (!a) {
+ sframeChan.event('EV_POPUP_BLOCKED');
 }
+ };
+
+ sframeChan.on('EV_OPEN_URL_DIRECTLY', function () {
+ var url = currentPad.href;
+ openURL(url);
 });
+ sframeChan.on('EV_OPEN_URL', openURL);
 sframeChan.on('EV_OPEN_UNSAFE_URL', function (url) {
 if (url) {
diff --git a/www/common/sframe-common.js b/www/common/sframe-common.js
index 8f97ba265..66977d664 100644
--- a/www/common/sframe-common.js
+++ b/www/common/sframe-common.js
@@ -662,6 +662,9 @@ define([
 });
 };
+ funcs.openDirectly = function () {
+ ctx.sframeChan.event('EV_OPEN_URL_DIRECTLY');
+ };
 funcs.gotoURL = function (url) { ctx.sframeChan.event('EV_GOTO_URL', url); };
 funcs.openURL = function (url) { ctx.sframeChan.event('EV_OPEN_URL', url); };
 funcs.getBounceURL = function (url) {
diff --git a/www/common/toolbar.js b/www/common/toolbar.js
index 8931c57f5..11772ca06 100644
--- a/www/common/toolbar.js
+++ b/www/common/toolbar.js
@@ -582,6 +582,9 @@ MessengerUI, Messages, Pages) {
 hidden: true
 });
 $shareBlock.click(function () {
+ if (!config.metadataMgr.getPrivateData().isTop) {
+ return void UIElements.openDirectlyConfirmation(Common);
+ }
 if (toolbar.isDeleted) {
 return void UI.warn(Messages.deletedFromServer);
 }
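Review bot: `isTop` needs a comment explaining why it sits next to `isEmbed`, because the two are easy to confuse. `isEmbed` is read from `parsed.hashData`, i.e. from the URL, while `isTop` is derived from the real frame hierarchy via `window.top === window`. Suggested comment: `// true only when this window is the top-level browsing context; unlike isEmbed it is not taken from the URL hash`. The object literal this line belongs to starts and ends outside the hunk.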
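Review bot: The `EV_OPEN_URL_DIRECTLY` handler should carry a comment saying that it deliberately takes no payload and lets the outer frame choose the target, e.g. `// the inner frame cannot pick the URL here: always reopen the current pad`. `currentPad` is defined outside the hunk; if `currentPad.href` keeps the embed or present flags from the hash, the new top-level window would presumably still open in that mode, so it is worth confirming which form of the URL is stored there. When `currentPad.href` is empty, `openURL` returns silently and the user gets no feedback after confirming the dialog.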
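Review bot: In the `$shareBlock` handler the new `isTop` guard runs before the `toolbar.isDeleted` check, so a user looking at an embedded pad that has been deleted is asked to open it in its own window instead of seeing `Messages.deletedFromServer`. The `$accessBlock` hunk that follows uses the same order. Moving the `isTop` block below the `isDeleted` block in both handlers keeps the more specific message first. Both click handlers continue past the end of their hunks.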
@@ -609,7 +612,10 @@ MessengerUI, Messages, Pages) {
 h('i.fa.fa-unlock-alt'),
 h('span.cp-button-name', Messages.accessButton)
 ]));
- $accessBlock.click(function () {
+ $accessBlock.click(function () {
+ if (!config.metadataMgr.getPrivateData().isTop) {
+ return void UIElements.openDirectlyConfirmation(Common);
+ }
 if (toolbar.isDeleted) {
 return void UI.warn(Messages.deletedFromServer);
 }