From f495a6cbc84d6d3439839d610ee45abfa3896325 Mon Sep 17 00:00:00 2001
From: ansuz
Date: Thu, 24 Mar 2022 14:04:16 +0530
Subject: [PATCH] abort first sframe boot stage if eval is possible
---
 www/common/sframe-boot.js | 19 +++++++++++++++++++
 www/common/sframe-boot2.js | 17 -----------------
 2 files changed, 19 insertions(+), 17 deletions(-)
diff --git a/www/common/sframe-boot.js b/www/common/sframe-boot.js
index 04290f0c6..3529f6abb 100644
--- a/www/common/sframe-boot.js
+++ b/www/common/sframe-boot.js
@@ -11,6 +11,25 @@ if (window === window.top) {
 window.alert(s);
 });
 }
+if (typeof(Promise) !== 'function') {
+ return void setTimeout(function () {
+ var s = "Internet Explorer is not supported anymore, including by Microsoft.\n\nMost of CryptPad's collaborative functionality requires a modern browser to work.\n\nWe recommend Mozilla Firefox.";
+ window.alert(s);
+ });
+}
+
+var caughtEval;
+try {
+ eval('true'); // jshint ignore:line
+} catch (err) { caughtEval = true; }
+
+if (!/^\/(sheet|doc|presentation)/.test(window.location.pathname) && !caughtEval) {
+ return void setTimeout(function () {
+ window.alert("aborting because eval should not be permitted.");
+ });
+}
+
+
 var afterLoaded = function (req) {
 req.cfg = req.cfg || {};
 if (req.pfx) {
diff --git a/www/common/sframe-boot2.js b/www/common/sframe-boot2.js
index 382aca0ba..2870be392 100644
--- a/www/common/sframe-boot2.js
+++ b/www/common/sframe-boot2.js
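Review bot: The exemption regex in the added eval check of www/common/sframe-boot.js, `/^\/(sheet|doc|presentation)/`, is a bare prefix match, so any pathname that merely begins with one of those words (a constructed example: `/documents/`) skips the abort even when eval is permitted. If the exempt apps are always served from their own directories, which the hunk does not show, anchor the match on the path separator: `if (!/^\/(sheet|doc|presentation)\/.*/.test(window.location.pathname) && !caughtEval) {` or more simply end the pattern with `\/`. The block also has no comment recording why a successful `eval('true')` is treated as fatal (presumably it means the expected policy blocking eval is not in force for this frame) or why these three paths are exempt; a two-line comment above `var caughtEval;` stating both would help the next maintainer keep the exemption list narrow. The wrapper that makes the top-level `return` legal starts outside the hunk.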
@@ -43,22 +43,5 @@ define([
 throw e;
 };
- if (typeof(Promise) !== 'function') {
- return void setTimeout(function () {
- var s = "Internet Explorer is not supported anymore, including by Microsoft.\n\nMost of CryptPad's collaborative functionality requires a modern browser to work.\n\nWe recommend Mozilla Firefox.";
- window.alert(s);
- });
- }
-
- var caughtEval;
- try {
- eval('true'); // jshint ignore:line
- } catch (err) { caughtEval = true; }
-
- if (!/^\/(sheet|doc|presentation)/.test(window.location.pathname) && !caughtEval) {
- return void setTimeout(function () {
- window.alert("aborting because eval should not be permitted.");
- });
- }
 require([document.querySelector('script[data-bootload]').getAttribute('data-bootload')]);
 });