i2p.i2p/apps/i2ptunnel/jsp/edit.jsp

<%
    // NOTE: Do the header carefully so there is no whitespace before the <?xml... line

    response.setHeader("X-Frame-Options", "SAMEORIGIN");
    response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");
    response.setHeader("X-XSS-Protection", "1; mode=block");

%><%@page pageEncoding="UTF-8"
%><%@page trimDirectiveWhitespaces="true"
%><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean"
%><% 
String tun = request.getParameter("tunnel");
 if (tun != null) {
  try {
    int curTunnel = Integer.parseInt(tun);
    if (EditBean.staticIsClient(curTunnel)) {
        %><jsp:include page="editClient.jsp" /><%
    } else {
        %><jsp:include page="editServer.jsp" /><%
    }
  } catch (NumberFormatException nfe) {
    %>Invalid tunnel parameter<%
  }
} else {
  String type = request.getParameter("type");
  int curTunnel = -1;
  if (EditBean.isClient(type)) {
        %><jsp:include page="editClient.jsp" /><%
  } else {
        %><jsp:include page="editServer.jsp" /><%
  }
}
%>
HTML fixes 2011-03-21 14:27:46 +00:00			`<%`
			`// NOTE: Do the header carefully so there is no whitespace before the <?xml... line`

add X-Frame-Options to console headers 2012-05-13 13:05:17 +00:00			`response.setHeader("X-Frame-Options", "SAMEORIGIN");`
Fix CSP to allow inline style and refresh Add filter to all webapps 2014-07-26 11:01:16 +00:00			`response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'");`
* Console: - Fix several XSS issues (thx Aaron Portnoy of Exodus Intel) - Add Content-Security-Policy and X-XSS-Protection headers - Disable changing news feed URL from UI - Disable plugin install from UI - Disable setting unsigned update URL from UI - Disable /configadvanced * DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit) * ExecNamingService: Disable (thx joernchen of Phenoelit) * Startup: Add susimail.config to migrated files 2014-07-26 09:32:26 +00:00			`response.setHeader("X-XSS-Protection", "1; mode=block");`
add X-Frame-Options to console headers 2012-05-13 13:05:17 +00:00
HTML fixes 2011-03-21 14:27:46 +00:00			`%><%@page pageEncoding="UTF-8"`
Add JSP 2.1 trim white space directive to all jsps to save a few KB 2012-01-10 13:21:35 +00:00			`%><%@page trimDirectiveWhitespaces="true"`
HTML fixes 2011-03-21 14:27:46 +00:00			`%><%@page contentType="text/html" import="net.i2p.i2ptunnel.web.EditBean"`
			`%><%`
2005-11-11 cervantes * Initial pass of the routerconsole revamp, starting with I2PTunnel and being progressively rolled out to other sections at later dates. Featuring abstracted W3C strict XHTML1.0 markup, with CSS providing layout and styling. * Implemented console themes. Users can create their own themes by creating css files in: {i2pdir}/docs/themes/console/{themename}/ and activating it using the routerconsole.theme={themename} advanced config property. Look at the example incomplete "defCon1" theme. Note: This is very much a work in progress. Folks might want to hold-off creating their own skins until the markup has solidified. * Added "routerconsole.javascript.disabled=true" to disable console client-side scripting and "routerconsole.css.disabled=true" to remove css styling (only rolled out in the i2ptunnel interface currently) * Fixed long standing bug with i2ptunnel client and server edit screens where tunnel count and depth properties would fail to save. Added backup quantity and variance configuration options. * Added basic accessibility support (key shortcuts, linear markup, alt and title information and form labels). * So far only tested on IE6, Firefox 1.0.6, Opera 8 and lynx. 2005-11-12 02:38:55 +00:00			`String tun = request.getParameter("tunnel");`
			`if (tun != null) {`
			`try {`
			`int curTunnel = Integer.parseInt(tun);`
			`if (EditBean.staticIsClient(curTunnel)) {`
HTML fixes 2011-03-21 14:27:46 +00:00			`%><jsp:include page="editClient.jsp" /><%`
* 2005-03-29 0.5.0.5 released 2005-03-29 jrandom * Decreased the initial RTT estimate to 10s to allow more retries. * Increased the default netDb store replication factor from 2 to 6 to take into consideration tunnel failures. * Address some statistical anonymity attacks against the netDb that could be mounted by an active internal adversary by only answering lookups for leaseSets we received through an unsolicited store. * Don't throttle lookup responses (we throttle enough elsewhere) * Fix the NewsFetcher so that it doesn't incorrectly resume midway through the file (thanks nickster!) * Updated the I2PTunnel HTML (thanks postman!) * Added support to the I2PTunnel pages for the URL parameter "passphrase", which, if matched against the router.config "i2ptunnel.passphrase" value, skips the nonce check. If the config prop doesn't exist or is blank, no passphrase is accepted. * Implemented HMAC-SHA256. * Enable the tunnel batching with a 500ms delay by default * Dropped compatability with 0.5.0.3 and earlier releases 2005-03-30 00:07:36 +00:00			`} else {`
HTML fixes 2011-03-21 14:27:46 +00:00			`%><jsp:include page="editServer.jsp" /><%`
* 2005-03-29 0.5.0.5 released 2005-03-29 jrandom * Decreased the initial RTT estimate to 10s to allow more retries. * Increased the default netDb store replication factor from 2 to 6 to take into consideration tunnel failures. * Address some statistical anonymity attacks against the netDb that could be mounted by an active internal adversary by only answering lookups for leaseSets we received through an unsolicited store. * Don't throttle lookup responses (we throttle enough elsewhere) * Fix the NewsFetcher so that it doesn't incorrectly resume midway through the file (thanks nickster!) * Updated the I2PTunnel HTML (thanks postman!) * Added support to the I2PTunnel pages for the URL parameter "passphrase", which, if matched against the router.config "i2ptunnel.passphrase" value, skips the nonce check. If the config prop doesn't exist or is blank, no passphrase is accepted. * Implemented HMAC-SHA256. * Enable the tunnel batching with a 500ms delay by default * Dropped compatability with 0.5.0.3 and earlier releases 2005-03-30 00:07:36 +00:00			`}`
2005-11-11 cervantes * Initial pass of the routerconsole revamp, starting with I2PTunnel and being progressively rolled out to other sections at later dates. Featuring abstracted W3C strict XHTML1.0 markup, with CSS providing layout and styling. * Implemented console themes. Users can create their own themes by creating css files in: {i2pdir}/docs/themes/console/{themename}/ and activating it using the routerconsole.theme={themename} advanced config property. Look at the example incomplete "defCon1" theme. Note: This is very much a work in progress. Folks might want to hold-off creating their own skins until the markup has solidified. * Added "routerconsole.javascript.disabled=true" to disable console client-side scripting and "routerconsole.css.disabled=true" to remove css styling (only rolled out in the i2ptunnel interface currently) * Fixed long standing bug with i2ptunnel client and server edit screens where tunnel count and depth properties would fail to save. Added backup quantity and variance configuration options. * Added basic accessibility support (key shortcuts, linear markup, alt and title information and form labels). * So far only tested on IE6, Firefox 1.0.6, Opera 8 and lynx. 2005-11-12 02:38:55 +00:00			`} catch (NumberFormatException nfe) {`
			`%>Invalid tunnel parameter<%`
			`}`
			`} else {`
			`String type = request.getParameter("type");`
			`int curTunnel = -1;`
Add socks to gui, prevent NPE on socks 4 request, general cleanup 2009-01-23 01:22:14 +00:00			`if (EditBean.isClient(type)) {`
HTML fixes 2011-03-21 14:27:46 +00:00			`%><jsp:include page="editClient.jsp" /><%`
2005-11-11 cervantes * Initial pass of the routerconsole revamp, starting with I2PTunnel and being progressively rolled out to other sections at later dates. Featuring abstracted W3C strict XHTML1.0 markup, with CSS providing layout and styling. * Implemented console themes. Users can create their own themes by creating css files in: {i2pdir}/docs/themes/console/{themename}/ and activating it using the routerconsole.theme={themename} advanced config property. Look at the example incomplete "defCon1" theme. Note: This is very much a work in progress. Folks might want to hold-off creating their own skins until the markup has solidified. * Added "routerconsole.javascript.disabled=true" to disable console client-side scripting and "routerconsole.css.disabled=true" to remove css styling (only rolled out in the i2ptunnel interface currently) * Fixed long standing bug with i2ptunnel client and server edit screens where tunnel count and depth properties would fail to save. Added backup quantity and variance configuration options. * Added basic accessibility support (key shortcuts, linear markup, alt and title information and form labels). * So far only tested on IE6, Firefox 1.0.6, Opera 8 and lynx. 2005-11-12 02:38:55 +00:00			`} else {`
HTML fixes 2011-03-21 14:27:46 +00:00			`%><jsp:include page="editServer.jsp" /><%`
* 2005-03-29 0.5.0.5 released 2005-03-29 jrandom * Decreased the initial RTT estimate to 10s to allow more retries. * Increased the default netDb store replication factor from 2 to 6 to take into consideration tunnel failures. * Address some statistical anonymity attacks against the netDb that could be mounted by an active internal adversary by only answering lookups for leaseSets we received through an unsolicited store. * Don't throttle lookup responses (we throttle enough elsewhere) * Fix the NewsFetcher so that it doesn't incorrectly resume midway through the file (thanks nickster!) * Updated the I2PTunnel HTML (thanks postman!) * Added support to the I2PTunnel pages for the URL parameter "passphrase", which, if matched against the router.config "i2ptunnel.passphrase" value, skips the nonce check. If the config prop doesn't exist or is blank, no passphrase is accepted. * Implemented HMAC-SHA256. * Enable the tunnel batching with a 500ms delay by default * Dropped compatability with 0.5.0.3 and earlier releases 2005-03-30 00:07:36 +00:00			`}`
2005-11-11 cervantes * Initial pass of the routerconsole revamp, starting with I2PTunnel and being progressively rolled out to other sections at later dates. Featuring abstracted W3C strict XHTML1.0 markup, with CSS providing layout and styling. * Implemented console themes. Users can create their own themes by creating css files in: {i2pdir}/docs/themes/console/{themename}/ and activating it using the routerconsole.theme={themename} advanced config property. Look at the example incomplete "defCon1" theme. Note: This is very much a work in progress. Folks might want to hold-off creating their own skins until the markup has solidified. * Added "routerconsole.javascript.disabled=true" to disable console client-side scripting and "routerconsole.css.disabled=true" to remove css styling (only rolled out in the i2ptunnel interface currently) * Fixed long standing bug with i2ptunnel client and server edit screens where tunnel count and depth properties would fail to save. Added backup quantity and variance configuration options. * Added basic accessibility support (key shortcuts, linear markup, alt and title information and form labels). * So far only tested on IE6, Firefox 1.0.6, Opera 8 and lynx. 2005-11-12 02:38:55 +00:00			`}`
Add socks to gui, prevent NPE on socks 4 request, general cleanup 2009-01-23 01:22:14 +00:00			`%>`