filter unwanted elements when receiving patches

pull/1/head
ansuz 9 years ago
parent 648f64c6fc
commit 7e8d66a141

@ -48,32 +48,6 @@
</head> </head>
<body> <body>
<iframe id="pad-iframe" src="inner.html"></iframe> <iframe id="pad-iframe" src="inner.html"></iframe>
<div id="debug"><button>DEBUG</button></div>
<textarea id="feedback"></textarea>
<script>
require(['/bower_components/jquery/dist/jquery.min.js'], function() {
var $ = window.$;
$('#debug').on('click', function() {
if($('#feedback').is(':visible')) {
$('#pad-iframe').css({
'width' : '100%'
});
$('#debug').css({
'right' : '0%'
});
}
else {
$('#pad-iframe').css({
'width' : '70%'
});
$('#debug').css({
'right' : '30%'
});
}
$('#feedback').toggle();
});
});
</script>
</body> </body>
</html> </html>

@ -100,8 +100,43 @@ define([
// don't let the user edit until the pad is ready // don't let the user edit until the pad is ready
setEditable(false); setEditable(false);
var forbiddenTags = [
'SCRIPT',
'IFRAME',
'OBJECT',
'APPLET',
'VIDEO',
'AUDIO'
];
var diffOptions = { var diffOptions = {
preDiffApply: function (info) { preDiffApply: function (info) {
/*
Don't accept attributes that begin with 'on'
these are probably listeners, and we don't want to
send scripts over the wire.
*/
if (['addAttribute', 'modifyAttribute'].indexOf(info.diff.action) !== -1) {
if (/^on/.test(info.diff.name)) {
console.log("Rejecting forbidden element attribute with name (%s)", info.diff.name);
return true;
}
}
/*
Also reject any elements which would insert any one of
our forbidden tag types: script, iframe, object,
applet, video, or audio
*/
if (['addElement', 'replaceElement'].indexOf(info.diff.action) !== -1) {
if (info.diff.element && forbiddenTags.indexOf(info.diff.element.nodeName) !== -1) {
console.log("Rejecting forbidden tag of type (%s)", info.diff.element.nodeName);
return true;
} else if (info.diff.newValue && forbiddenTags.indexOf(info.diff.newValue.nodeType) !== -1) {
console.log("Rejecting forbidden tag of type (%s)", info.diff.newValue.nodeName);
return true;
}
}
if (info.node && info.node.tagName === 'BODY') { if (info.node && info.node.tagName === 'BODY') {
if (info.diff.action === 'removeAttribute' && if (info.diff.action === 'removeAttribute' &&
['class', 'spellcheck'].indexOf(info.diff.name) !== -1) { ['class', 'spellcheck'].indexOf(info.diff.name) !== -1) {
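Review bot: In the `replaceElement` branch the check compares `info.diff.newValue.nodeType` against `forbiddenTags`, while the log line directly below prints `nodeName`; a list of tag names will never match a node type, so replacement diffs appear to pass unfiltered. The condition should read `} else if (info.diff.newValue && forbiddenTags.indexOf(info.diff.newValue.nodeName) !== -1) {`. The attribute guard `/^on/` is case-sensitive, so unless the diff library normalizes attribute names, `/^on/i` is the safer test. Both checks inspect only the top-level element of the diff, so if an added element can carry child nodes they would need to be walked too; that is worth confirming against the diff format. `preDiffApply` continues past the end of this hunk.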
