i2p.i2p/apps/routerconsole/jsp/css.jsi

<%
   /*
    * This should be included inside <head>...</head>,
    * as it sets the stylesheet.
    *
    * This is included almost 30 times, so keep whitespace etc. to a minimum.
    */

   // http://www.crazysquirrel.com/computing/general/form-encoding.jspx
   if (request.getCharacterEncoding() == null)
       request.setCharacterEncoding("UTF-8");

   // Now that we use POST for most forms, these prevent the back button from working after a form submit
   // Just let the browser do its thing
   //response.setHeader("Pragma", "no-cache");
   //response.setHeader("Cache-Control","no-cache");
   //response.setDateHeader("Expires", 0);

   // the above will b0rk if the servlet engine has already flushed
   // the response prior to including this file, so it should be
   // near the top

   String i2pcontextId = request.getParameter("i2p.contextId");
   try {
       if (i2pcontextId != null) {
           session.setAttribute("i2p.contextId", i2pcontextId);
       } else {
           i2pcontextId = (String) session.getAttribute("i2p.contextId");
       }
   } catch (IllegalStateException ise) {}
%><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<jsp:useBean class="net.i2p.router.web.CSSHelper" id="intl" scope="request" />
<jsp:setProperty name="intl" property="contextId" value="<%=i2pcontextId%>" />
<link rel="icon" href="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/favicon.ico"><%
   response.setHeader("Accept-Ranges", "none");

   // clickjacking
   if (intl.shouldSendXFrame()) {
      response.setHeader("X-Frame-Options", "SAMEORIGIN");
      response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
      response.setHeader("X-XSS-Protection", "1; mode=block");
      response.setHeader("X-Content-Type-Options", "nosniff");
   }
   // https://www.w3.org/TR/referrer-policy/
   // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
   // As of Chrome 56, Firefox 50, Opera 43. "same-origin" not widely supported.
   response.setHeader("Referrer-Policy", "no-referrer");

   String conNonceParam = request.getParameter("consoleNonce");
   if (net.i2p.router.web.CSSHelper.getNonce().equals(conNonceParam)) {
       intl.setLang(request.getParameter("lang"));
       intl.setNews(request.getParameter("news"));
   }
%><link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">
<%
   if (intl.getLang().equals("zh")) {
       // make the fonts bigger for chinese
%><link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console_big.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">
<%
   } else if (intl.getLang().equals("ar")) {
       // Use RTL theme for Arabic
%><link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console_ar.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">
<%
   }
   if (!intl.allowIFrame(request.getHeader("User-Agent"))) {
%><meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" />
<link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>mobile.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">
<%
   }
%><!--[if IE]><link href="/themes/console/classic/ieshim.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" /><![endif]-->
* Console: - Move the console css from default.css in the .war to docs/themes/console/console.css, and support console themes in the main console with routerconsole.theme=foo 2009-06-11 18:05:05 +00:00			`<%`
			`/*`
			`* This should be included inside <head>...</head>,`
			`* as it sets the stylesheet.`
* Console: - Put favicon on every page - Make every page UTF-8 2009-08-20 14:35:32 +00:00			`*`
			`* This is included almost 30 times, so keep whitespace etc. to a minimum.`
* Console: - Move the console css from default.css in the .war to docs/themes/console/console.css, and support console themes in the main console with routerconsole.theme=foo 2009-06-11 18:05:05 +00:00			`*/`

* I2CP: Fix the SessionConfig serializer in DataHelper, so that UTF-8 tunnel names are not corrupted by I2CP and can be displayed on the console * Fix UTF-8 form submission on console and i2ptunnel 2009-08-20 22:22:07 +00:00			`// http://www.crazysquirrel.com/computing/general/form-encoding.jspx`
			`if (request.getCharacterEncoding() == null)`
			`request.setCharacterEncoding("UTF-8");`

remove cache directives 2011-03-19 18:34:39 +00:00			`// Now that we use POST for most forms, these prevent the back button from working after a form submit`
			`// Just let the browser do its thing`
			`//response.setHeader("Pragma", "no-cache");`
			`//response.setHeader("Cache-Control","no-cache");`
			`//response.setDateHeader("Expires", 0);`

* Console: - Move the console css from default.css in the .war to docs/themes/console/console.css, and support console themes in the main console with routerconsole.theme=foo 2009-06-11 18:05:05 +00:00			`// the above will b0rk if the servlet engine has already flushed`
HTML bugfixes in routerconsole pages. 2009-08-15 16:08:33 +00:00			`// the response prior to including this file, so it should be`
* Console: - Move the console css from default.css in the .war to docs/themes/console/console.css, and support console themes in the main console with routerconsole.theme=foo 2009-06-11 18:05:05 +00:00			`// near the top`
HTML bugfixes in routerconsole pages. 2009-08-15 16:08:33 +00:00
Console: Catch ISE in get/setAttribute() (ticket #1529) 2018-07-28 19:03:01 +00:00			`String i2pcontextId = request.getParameter("i2p.contextId");`
			`try {`
			`if (i2pcontextId != null) {`
			`session.setAttribute("i2p.contextId", i2pcontextId);`
			`} else {`
			`i2pcontextId = (String) session.getAttribute("i2p.contextId");`
			`}`
			`} catch (IllegalStateException ise) {}`
jsi whitespace removal 2018-11-13 17:48:58 +00:00			`%><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">`
- Rename cssHelper to intl for ease of tagging - configui.jsp post-prop fixup 2009-10-23 13:55:44 +00:00			`<jsp:useBean class="net.i2p.router.web.CSSHelper" id="intl" scope="request" />`
Console: Catch ISE in get/setAttribute() (ticket #1529) 2018-07-28 19:03:01 +00:00			`<jsp:setProperty name="intl" property="contextId" value="<%=i2pcontextId%>" />`
jsi whitespace removal 2018-11-13 17:48:58 +00:00			`<link rel="icon" href="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/favicon.ico"><%`
Servlets: Add Accept-Ranges headers 2018-03-09 16:02:00 +00:00			`response.setHeader("Accept-Ranges", "none");`

add X-Frame-Options to console headers 2012-05-13 13:05:17 +00:00			`// clickjacking`
* Console: - Fix several XSS issues (thx Aaron Portnoy of Exodus Intel) - Add Content-Security-Policy and X-XSS-Protection headers - Disable changing news feed URL from UI - Disable plugin install from UI - Disable setting unsigned update URL from UI - Disable /configadvanced * DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit) * ExecNamingService: Disable (thx joernchen of Phenoelit) * Startup: Add susimail.config to migrated files 2014-07-26 09:32:26 +00:00			`if (intl.shouldSendXFrame()) {`
add X-Frame-Options to console headers 2012-05-13 13:05:17 +00:00			`response.setHeader("X-Frame-Options", "SAMEORIGIN");`
Fix CSP to allow inline style and refresh Add filter to all webapps 2014-07-26 11:01:16 +00:00			`response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");`
* Console: - Fix several XSS issues (thx Aaron Portnoy of Exodus Intel) - Add Content-Security-Policy and X-XSS-Protection headers - Disable changing news feed URL from UI - Disable plugin install from UI - Disable setting unsigned update URL from UI - Disable /configadvanced * DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit) * ExecNamingService: Disable (thx joernchen of Phenoelit) * Startup: Add susimail.config to migrated files 2014-07-26 09:32:26 +00:00			`response.setHeader("X-XSS-Protection", "1; mode=block");`
Console: Add X-Content-Type-Options header everywhere (ticket #1763) 2016-02-25 14:56:06 +00:00			`response.setHeader("X-Content-Type-Options", "nosniff");`
* Console: - Fix several XSS issues (thx Aaron Portnoy of Exodus Intel) - Add Content-Security-Policy and X-XSS-Protection headers - Disable changing news feed URL from UI - Disable plugin install from UI - Disable setting unsigned update URL from UI - Disable /configadvanced * DataHelper: Disallow \r in storeProps() (thx joernchen of Phenoelit) * ExecNamingService: Disable (thx joernchen of Phenoelit) * Startup: Add susimail.config to migrated files 2014-07-26 09:32:26 +00:00			`}`
Console: Add Referrer-Policy header 2016-12-23 12:35:41 +00:00			`// https://www.w3.org/TR/referrer-policy/`
			`// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy`
			`// As of Chrome 56, Firefox 50, Opera 43. "same-origin" not widely supported.`
			`response.setHeader("Referrer-Policy", "no-referrer");`
add X-Frame-Options to console headers 2012-05-13 13:05:17 +00:00
* Console: - Parameterize download button tags (ticket #425) - Clean up summary bar HTML warnings - Just display a summary bar link for text browsers - Move welcome div from the readme files to index.jsp - Require a nonce to change language 2011-03-08 03:07:02 +00:00			`String conNonceParam = request.getParameter("consoleNonce");`
lint core, console, i2ptunnel, jetty 2015-10-17 17:38:57 +00:00			`if (net.i2p.router.web.CSSHelper.getNonce().equals(conNonceParam)) {`
* Console: - Parameterize download button tags (ticket #425) - Clean up summary bar HTML warnings - Just display a summary bar link for text browsers - Move welcome div from the readme files to index.jsp - Require a nonce to change language 2011-03-08 03:07:02 +00:00			`intl.setLang(request.getParameter("lang"));`
* Console: Add ability to hide news 2011-11-09 18:38:39 +00:00			`intl.setNews(request.getParameter("news"));`
* Console: - Parameterize download button tags (ticket #425) - Clean up summary bar HTML warnings - Just display a summary bar link for text browsers - Move welcome div from the readme files to index.jsp - Require a nonce to change language 2011-03-08 03:07:02 +00:00			`}`
jsi whitespace removal 2018-11-13 17:48:58 +00:00			`%><link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">`
* Console: - Don't hide link to configui.jsp for IE any more - Add lang selection on configui.jsp - Tag strings in configui.jsp - Load console_big.css if lang == zh - Add _x() tag for static iniitializers - HTML transitional input tags 2009-10-22 22:25:53 +00:00			`<%`
- Rename cssHelper to intl for ease of tagging - configui.jsp post-prop fixup 2009-10-23 13:55:44 +00:00			`if (intl.getLang().equals("zh")) {`
* Fixes after review: - Fix Polish po file - Install as a service by default on Windows again - Change CPUID getters to package private - Split new jbigi install messages into two lines - Javadocs 2011-06-26 19:07:01 +00:00			`// make the fonts bigger for chinese`
jsi whitespace removal 2018-11-13 17:48:58 +00:00			`%><link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console_big.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">`
* Console: - Don't hide link to configui.jsp for IE any more - Add lang selection on configui.jsp - Tag strings in configui.jsp - Load console_big.css if lang == zh - Add _x() tag for static iniitializers - HTML transitional input tags 2009-10-22 22:25:53 +00:00			`<%`
* Fixes after review: - Fix Polish po file - Install as a service by default on Windows again - Change CPUID getters to package private - Split new jbigi install messages into two lines - Javadocs 2011-06-26 19:07:01 +00:00			`} else if (intl.getLang().equals("ar")) {`
			`// Use RTL theme for Arabic`
jsi whitespace removal 2018-11-13 17:48:58 +00:00			`%><link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console_ar.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">`
Fixed up mobile view of routerconsole with a mobile.css in each theme 2013-01-19 03:42:54 +00:00			`<%`
			`}`
			`if (!intl.allowIFrame(request.getHeader("User-Agent"))) {`
jsi whitespace removal 2018-11-13 17:48:58 +00:00			`%><meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" />`
Console: Version the css links 2016-12-02 17:23:02 +00:00			`<link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>mobile.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">`
Fixed RTL bug in console: Arabic is displayed with right aligned text using a custom console_ar.css 2011-06-20 16:27:58 +00:00			`<%`
			`}`
jsi whitespace removal 2018-11-13 17:48:58 +00:00			`%><!--[if IE]><link href="/themes/console/classic/ieshim.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" /><![endif]-->`