restructure bounce app
parent
f9be929eb9
commit
7e07f6e0d1
@ -1,20 +1,57 @@
|
|||||||
define(['/api/config'], function (ApiConfig) {
|
define(['/api/config'], function (ApiConfig) {
|
||||||
|
var reject = function () {
|
||||||
|
window.close();
|
||||||
|
};
|
||||||
if (ApiConfig.httpSafeOrigin !== window.location.origin) {
|
if (ApiConfig.httpSafeOrigin !== window.location.origin) {
|
||||||
window.alert('The bounce application must only be used from the sandbox domain, ' +
|
window.alert('The bounce application must only be used from the sandbox domain, ' +
|
||||||
'please report this issue on https://github.com/xwiki-labs/cryptpad');
|
'please report this issue on https://github.com/xwiki-labs/cryptpad');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
var bounceTo = decodeURIComponent(window.location.hash.slice(1));
|
if (typeof(URL) !== 'function') {
|
||||||
if (!bounceTo) {
|
window.alert("Your browser does not support functionality this page requires");
|
||||||
window.alert('The bounce application must only be used with a valid href to visit');
|
return void reject();
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (bounceTo.indexOf('javascript:') === 0 || // jshint ignore:line
|
|
||||||
bounceTo.indexOf('vbscript:') === 0 || // jshint ignore:line
|
|
||||||
bounceTo.indexOf('data:') === 0) {
|
|
||||||
window.alert('Illegal bounce URL');
|
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
window.opener = null;
|
window.opener = null;
|
||||||
window.location.href = bounceTo;
|
|
||||||
|
var host;
|
||||||
|
try {
|
||||||
|
host = new URL('', ApiConfig.httpUnsafeOrigin);
|
||||||
|
} catch (err) {
|
||||||
|
window.alert("This server is configured incorrectly. Its administrator should check its diagnostics page");
|
||||||
|
return void reject();
|
||||||
|
}
|
||||||
|
|
||||||
|
var target;
|
||||||
|
try {
|
||||||
|
var bounceTo = decodeURIComponent(window.location.hash.slice(1));
|
||||||
|
target = new URL(bounceTo, ApiConfig.httpUnsafeOrigin);
|
||||||
|
} catch (err) {
|
||||||
|
console.error(err);
|
||||||
|
window.alert('The bounce application must only be used with a valid href to visit');
|
||||||
|
return void reject();
|
||||||
|
}
|
||||||
|
|
||||||
|
var go = function () {
|
||||||
|
window.location.href = target.href;
|
||||||
|
};
|
||||||
|
|
||||||
|
if (target.host === host.host) { return void go(); }
|
||||||
|
|
||||||
|
require([
|
||||||
|
'/customize/messages.js',
|
||||||
|
], function (Messages) {
|
||||||
|
Messages.bounce_confirm = 'You are about to leave {0}\n\nAre you sure you want to visit "{1}"?'; // XXX
|
||||||
|
Messages.bounce_danger = 'It looks like someone is trying to trick you into visiting a dangerous link.\n\n("{0}")\n\nBe careful!'; // XXX
|
||||||
|
|
||||||
|
if (['javascript:', 'vbscript:', 'data:', 'blob:'].includes(target.protocol)) {
|
||||||
|
window.alert(Messages._getKey('bounce_danger', [target.href]));
|
||||||
|
return void reject();
|
||||||
|
}
|
||||||
|
|
||||||
|
var question = Messages._getKey('bounce_confirm', [host.hostname, target.href]);
|
||||||
|
var answer = window.confirm(question);
|
||||||
|
if (answer) { return void go(); }
|
||||||
|
reject();
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
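Review bot: The scheme check on `target.protocol` is a denylist (`javascript:`, `vbscript:`, `data:`, `blob:`), so any other non-web scheme (for example `file:` or a registered custom protocol handler) still reaches the `window.confirm` prompt and can be navigated to. An allowlist would be safer, e.g. `if (!['http:', 'https:'].includes(target.protocol)) { window.alert(Messages._getKey('bounce_danger', [target.href])); return void reject(); }`. The shortcut `if (target.host === host.host) { return void go(); }` also runs before that check and compares only host and port, so a same-host URL with a different scheme skips both the scheme check and the confirmation; `target.origin === host.origin` would tie the shortcut to the scheme as well. Separately, an empty hash now resolves to `ApiConfig.httpUnsafeOrigin` and navigates there without the old "valid href" alert, which is probably intended but deserves a one-line comment.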