Add settings to continue using unsafe links

www/common/common-interface.js

@@ -1104,5 +1104,36 @@ define([
         };
     };
 
+    UI.makeSpinner = function ($container) {
+        var $ok = $('<span>', {'class': 'fa fa-check', title: Messages.saved}).hide();
+        var $spinner = $('<span>', {'class': 'fa fa-spinner fa-pulse'}).hide();
+
+        var spin = function () {
+            $ok.hide();
+            $spinner.show();
+        };
+        var hide = function () {
+            $ok.hide();
+            $spinner.hide();
+        };
+        var done = function () {
+            $ok.show();
+            $spinner.hide();
+        };
+
+        if ($container && $container.append) {
+            $container.append($ok);
+            $container.append($spinner);
+        }
+
+        return {
+            ok: $ok[0],
+            spinner: $spinner[0],
+            spin: spin,
+            hide: hide,
+            done: done
+        }
+    };
+
     return UI;
 });

www/common/drive-ui.js

@@ -1034,7 +1034,14 @@ define([
             if (!data || (!data.href && !data.roHref)) {
                 return void logError("Missing data for the file", el, data);
             }
-            var href = data.href || data.roHref;
+            var href = isRo ? data.roHref : (data.href || data.roHref);
+            var priv = metadataMgr.getPrivateData();
+            var useUnsafe = Util.find(priv, ['settings', 'security', 'unsafeLinks']);
+            if (useUnsafe) {
+                return void window.open(APP.origin + href);
+            }
+
+            // Get hidden hash
             var parsed = Hash.parsePadUrl(href);
             var secret = Hash.getSecrets(parsed.type, parsed.hash, data.password);
             if (isRo && secret.keys && secret.keys.editKeyStr) {
@@ -1043,7 +1050,6 @@ define([
             }
             var hash = Hash.getHiddenHashFromKeys(parsed.type, secret);
             var hiddenHref = Hash.hashToHref(hash, parsed.type);
-            // XXX hidden hash: use settings
             window.open(APP.origin + hiddenHref);
         };
 

www/common/sframe-common-outer.js

@@ -398,6 +398,7 @@ define([
             if (!parsed.type) { throw new Error(); }
             var defaultTitle = Utils.UserObject.getDefaultName(parsed);
             var edPublic, curvePublic, notifications, isTemplate;
+            var settings = {};
             var forceCreationScreen = cfg.useCreationScreen &&
                                       sessionStorage[Utils.Constants.displayPadCreationScreen];
             delete sessionStorage[Utils.Constants.displayPadCreationScreen];
@@ -411,6 +412,7 @@ define([
                         edPublic = metaObj.priv.edPublic; // needed to create an owned pad
                         curvePublic = metaObj.user.curvePublic;
                         notifications = metaObj.user.notifications;
+                        settings = metaObj.priv.settings;
                     }));
                     if (typeof(isTemplate) === "undefined") {
                         Cryptpad.isTemplate(currentPad.href, waitFor(function (err, t) {
@@ -647,7 +649,8 @@ define([
                         // hide the hash
                         var opts = parsed.getOptions();
                         var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
-                        if (window.history && window.history.replaceState) {
+                        var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']);
+                        if (!useUnsafe && window.history && window.history.replaceState) {
                             if (!/^#/.test(hash)) { hash = '#' + hash; }
                             window.history.replaceState({}, window.document.title, hash);
                         }
@@ -684,7 +687,8 @@ define([
                         // hide the hash
                         var opts = parsed.getOptions();
                         var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
-                        if (window.history && window.history.replaceState) {
+                        var useUnsafe = Utils.Util.find(settings, ['security', 'unsafeLinks']);
+                        if (!useUnsafe && window.history && window.history.replaceState) {
                             if (!/^#/.test(hash)) { hash = '#' + hash; }
                             window.history.replaceState({}, window.document.title, hash);
                         }

www/settings/inner.js

@@ -53,13 +53,15 @@ define([
             'cp-settings-language-selector',
             'cp-settings-resettips',
             'cp-settings-logout-everywhere',
-            'cp-settings-autostore',
             'cp-settings-userfeedback',
             'cp-settings-change-password',
             'cp-settings-migrate',
-            'cp-settings-backup',
             'cp-settings-delete'
         ],
+        'security': [ // XXX
+            'cp-settings-autostore',
+            'cp-settings-safe-links',
+        ],
         'creation': [
             'cp-settings-creation-owned',
             'cp-settings-creation-expire',
@@ -115,6 +117,24 @@ define([
 
     var create = {};
 
+    var makeBlock = function (key, getter, full) {
+        var safeKey = key.replace(/-([a-z])/g, function (g) { return g[1].toUpperCase(); });
+
+        create[key] = function () {
+            var $div = $('<div>', {'class': 'cp-settings-' + key + ' cp-sidebarlayout-element'});
+            if (full) {
+                $('<label>').text(Messages['settings_'+safeKey+'Title'] || key).appendTo($div);
+                $('<span>', {'class': 'cp-sidebarlayout-description'})
+                    .text(Messages['settings_'+safeKey+'Hint'] || 'Coming soon...').appendTo($div);
+            }
+            getter(function (content) {
+                $div.append(content);
+            }, $div);
+            return $div;
+        };
+    };
+
+
     // Account settings
 
     create['info-block'] = function () {
@@ -547,6 +567,35 @@ define([
         return $div;
     };
 
+    // Security
+
+    makeBlock('safe-links', function (cb) {
+        // XXX settings_safeLinksTitle, settings_safeLinksHint, settings_safeLinksCheckbox
+
+        var $cbox = $(UI.createCheckbox('cp-settings-safe-links',
+                                   Messages.settings_safeLinksCheckbox,
+                                   true, { label: {class: 'noTitle'} }));
+
+        var spinner = UI.makeSpinner($cbox);
+
+        var $checkbox = $cbox.find('input').on('change', function () {
+            spinner.spin();
+            var val = !$checkbox.is(':checked');
+            common.setAttribute(['security', 'unsafeLinks'], val, function () {
+                spinner.done();
+            });
+        });
+
+        common.getAttribute(['security', 'unsafeLinks'], function (e, val) {
+            if (e) { return void console.error(e); }
+            if (!val) {
+                $checkbox.attr('checked', 'checked');
+            }
+        });
+
+        cb($cbox);
+    }, true);
+
     // Pad Creation settings
 
     var setHTML = function (e, html) {
@@ -1578,6 +1627,7 @@ define([
             if (key === 'code') { $category.append($('<span>', {'class': 'fa fa-file-code-o' })); }
             if (key === 'pad') { $category.append($('<span>', {'class': 'fa fa-file-word-o' })); }
             if (key === 'creation') { $category.append($('<span>', {'class': 'fa fa-plus-circle' })); }
+            if (key === 'security') { $category.append($('<span>', {'class': 'fa fa-lock' })); }
             if (key === 'subscription') { $category.append($('<span>', {'class': 'fa fa-star-o' })); }
 
             if (key === active) {
@@ -1596,9 +1646,10 @@ define([
                 showCategories(categories[key]);
             });
 
-            $category.append(Messages['settings_cat_'+key]);
+            $category.append(Messages['settings_cat_'+key] || key);
         });
         showCategories(categories[active]);
+        common.setHash(active);
     };