block loading many apps in iframes

pull/1/head
ansuz 3 years ago
parent e31ae08341
commit bc365d16a8

@ -8,7 +8,41 @@ define([
], function (nThen, ApiConfig, RequireConfig, Messages, $) { ], function (nThen, ApiConfig, RequireConfig, Messages, $) {
var common = {}; var common = {};
var embeddableApps = [
//'calendar',
'code',
//'doc', // XXX
// 'drive', // XXX
//'file', // doesn't suggest iframes
'form',
'kanban',
'pad',
// 'poll', // XXX
//'presentation', // XXX
// 'sheet', // XXX
'slide',
//'teams', // XXX
'whiteboard',
].map(function (x) {
return `/${x}/`; // XXX intentionally break IE or anything that doesn't support template literals
});
common.initIframe = function (waitFor, isRt, pathname) { common.initIframe = function (waitFor, isRt, pathname) {
if (window.top !== window) {
if (ApiConfig.disableEmbedding) {
return void window.alert(`This CryptPad instance's administrators have disabled remote embedding of its editors.`);
}
// even where embedding is not forbidden it should still be limited
// to apps that are explicitly permitted
if (!embeddableApps.includes(window.location.pathname)) {
return void window.alert(`Embedding this CryptPad editor in remote pages is not supported.`);
}
}
if (window.location.origin !== ApiConfig.httpUnsafeOrigin) {
return void window.alert(`This page is configured to only be accessed via ${ApiConfig.httpUnsafeOrigin}.`);
}
var requireConfig = RequireConfig(); var requireConfig = RequireConfig();
var lang = Messages._languageUsed; var lang = Messages._languageUsed;
var themeKey = 'CRYPTPAD_STORE|colortheme'; var themeKey = 'CRYPTPAD_STORE|colortheme';
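Review bot: The framing checks added at the top of `common.initIframe` are enforced only by script running inside the framed page, so they are best treated as a second layer. If the server does not already send `Content-Security-Policy: frame-ancestors` (or `X-Frame-Options`) for the apps left out of `embeddableApps`, that header is the control that stops the document from rendering in a remote frame at all. The allow-list test is an exact comparison against `window.location.pathname`, so `/code/` passes while `/code` or `/code/index.html` would be refused; that fails closed, but it deserves a comment such as `// exact match: only the canonical '/<app>/' path may be embedded`. The function also receives a `pathname` argument that the new check does not use, and it is not visible here whether the two can differ. `initIframe` continues past the end of the hunk.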

@ -13,6 +13,9 @@ define([
'/common/common-interface.js', '/common/common-interface.js',
], function (nThen, ApiConfig, $, RequireConfig, SFCommonO, ], function (nThen, ApiConfig, $, RequireConfig, SFCommonO,
Cryptpad, Util, Hash, Realtime, Constants, UI) { Cryptpad, Util, Hash, Realtime, Constants, UI) {
if (window.top !== window) {
return void window.alert(`If you are seeing this message then somebody might be trying to compromise your CryptPad account. Please contact the CryptPad development team.`);
}
window.Cryptpad = { window.Cryptpad = {
Common: Cryptpad, Common: Cryptpad,
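Review bot: The guard `if (window.top !== window)` sits inside the `define` callback, so the AMD loader has already fetched and evaluated every listed dependency before it runs, and anything those modules do at load time still happens in the framed context. The same holds for the one-line `if (window.top !== window) { return; }` guards in the two sections that follow. For pages that must never be framed, a response header such as `Content-Security-Policy: frame-ancestors 'none'` would refuse the frame before any script runs, with this check kept as a fallback. `window.alert` is also suppressed in a sandboxed iframe that lacks `allow-modals`, so the warning may never be shown; a `console.error` next to it would leave a trace. The callback body continues outside the hunk.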

@ -10,6 +10,7 @@ define([
'css!/bower_components/components-font-awesome/css/font-awesome.min.css', 'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
], function ($, Cryptpad, Login, UI, Realtime, Feedback, LocalStore /*, Test */) { ], function ($, Cryptpad, Login, UI, Realtime, Feedback, LocalStore /*, Test */) {
if (window.top !== window) { return; }
$(function () { $(function () {
var $checkImport = $('#import-recent'); var $checkImport = $('#import-recent');
if (LocalStore.isLoggedIn()) { if (LocalStore.isLoggedIn()) {

@ -14,6 +14,7 @@ define([
'css!/bower_components/components-font-awesome/css/font-awesome.min.css', 'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
], function ($, Login, Cryptpad, /*Test,*/ Cred, UI, Util, Realtime, Constants, Feedback, LocalStore, h) { ], function ($, Login, Cryptpad, /*Test,*/ Cred, UI, Util, Realtime, Constants, Feedback, LocalStore, h) {
if (window.top !== window) { return; }
var Messages = Cryptpad.Messages; var Messages = Cryptpad.Messages;
$(function () { $(function () {
if (LocalStore.isLoggedIn()) { if (LocalStore.isLoggedIn()) {
