From 4d2538c79684ec9a17944d1c09f265648f710dcb Mon Sep 17 00:00:00 2001 From: yflory Date: Mon, 10 Feb 2020 10:46:20 +0100 Subject: [PATCH] Make hidden hashes disabled by default --- www/common/common-ui-elements.js | 2 +- www/common/drive-ui.js | 2 +- www/common/sframe-common-outer.js | 4 ++-- www/settings/inner.js | 5 +++-- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/www/common/common-ui-elements.js b/www/common/common-ui-elements.js index feec4f243..9e8448c6f 100644 --- a/www/common/common-ui-elements.js +++ b/www/common/common-ui-elements.js @@ -657,7 +657,7 @@ define([ // Use hidden hash if needed (we're an owner of this pad so we know it is stored) var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']); var href = (priv.readOnly && data.roHref) ? data.roHref : data.href; - if (!useUnsafe) { + if (useUnsafe === false) { var newParsed = Hash.parsePadUrl(href); var newSecret = Hash.getSecrets(newParsed.type, newParsed.hash, newPass); var newHash = Hash.getHiddenHashFromKeys(parsed.type, newSecret, {}); diff --git a/www/common/drive-ui.js b/www/common/drive-ui.js index ff15e091f..51f3c015d 100644 --- a/www/common/drive-ui.js +++ b/www/common/drive-ui.js @@ -1037,7 +1037,7 @@ define([ var href = isRo ? data.roHref : (data.href || data.roHref); var priv = metadataMgr.getPrivateData(); var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']); - if (useUnsafe) { + if (useUnsafe !== false) { // true of undefined: use unsafe links return void window.open(APP.origin + href); } diff --git a/www/common/sframe-common-outer.js b/www/common/sframe-common-outer.js index fa9afaed8..a7af0f6b6 100644 --- a/www/common/sframe-common-outer.js +++ b/www/common/sframe-common-outer.js @@ -646,7 +646,7 @@ define([ var opts = parsed.getOptions(); var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts); var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']); - if (!useUnsafe && window.history && window.history.replaceState) { + if (useUnsafe === false && window.history && window.history.replaceState) { if (!/^#/.test(hash)) { hash = '#' + hash; } window.history.replaceState({}, window.document.title, hash); } @@ -684,7 +684,7 @@ define([ var opts = parsed.getOptions(); var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts); var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']); - if (!useUnsafe && window.history && window.history.replaceState) { + if (useUnsafe === false && window.history && window.history.replaceState) { if (!/^#/.test(hash)) { hash = '#' + hash; } window.history.replaceState({}, window.document.title, hash); } diff --git a/www/settings/inner.js b/www/settings/inner.js index 683a3e222..7de5b7752 100644 --- a/www/settings/inner.js +++ b/www/settings/inner.js @@ -573,10 +573,11 @@ define([ var $cbox = $(UI.createCheckbox('cp-settings-safe-links', Messages.settings_safeLinksCheckbox, - true, { label: {class: 'noTitle'} })); + false, { label: {class: 'noTitle'} })); var spinner = UI.makeSpinner($cbox); + // Checkbox: "Enable safe links" var $checkbox = $cbox.find('input').on('change', function () { spinner.spin(); var val = !$checkbox.is(':checked'); @@ -587,7 +588,7 @@ define([ common.getAttribute(['security', 'unsafeLinks'], function (e, val) { if (e) { return void console.error(e); } - if (!val) { + if (val === false) { $checkbox.attr('checked', 'checked'); } });