Console: Remove onload and unsafe CSP on iframed pages

zzz
2020-05-11 18:04:19 +00:00
parent 8631db8769
commit 2cd2f25c56
5 changed files with 24 additions and 17 deletions


@ -23,22 +23,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head> <html><head>
<%@include file="css.jsi" %> <%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("addressbook")%> <%=intl.title("addressbook")%>
<script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script> <script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %> <%@include file="summaryajax.jsi" %>
<script nonce="<%=cspNonce%>" type="text/javascript"> <script nonce="<%=cspNonce%>" type="text/javascript">
function setupFrame() { function setupFrame() {
f = document.getElementById("susidnsframe"); f = document.getElementById("susidnsframe");
injectClass(f); f.addEventListener("load", function() {
resizeFrame(f); injectClass(f);
resizeFrame(f);
}, true);
} }
</script> </script>
</head><body> </head><body>
<%@include file="summary.jsi" %> <%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Addressbook")%> <span class="newtab"><a href="/susidns/index" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1> <h1><%=intl._t("I2P Addressbook")%> <span class="newtab"><a href="/susidns/index" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1>
<div class="main" id="dns"> <div class="main" id="dns">
<iframe src="/susidns/index" width="100%" height="100%" frameborder="0" border="0" name="susidnsframe" id="susidnsframe" onload="setupFrame()" allowtransparency="true"> <iframe src="/susidns/index" width="100%" height="100%" frameborder="0" border="0" name="susidnsframe" id="susidnsframe" allowtransparency="true">
<%=intl._t("Your browser does not support iFrames.")%> <%=intl._t("Your browser does not support iFrames.")%>
&nbsp;<a href="/susidns/index"><%=intl._t("Click here to continue.")%></a> &nbsp;<a href="/susidns/index"><%=intl._t("Click here to continue.")%></a>
</iframe> </iframe>
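Review bot: The load listener in `setupFrame()` is now attached only when the parent's DOMContentLoaded fires (the call added in iframed.js), so a frame that finishes loading before that point would never get `injectClass(f)` / `resizeFrame(f)`; the removed `onload` attribute could not miss the event. The same pattern appears in the tunnel manager, torrents and webmail pages. Consider running the handler once after registering it when the frame has already loaded, e.g. `if (f.contentDocument && f.contentDocument.readyState === "complete") { injectClass(f); resizeFrame(f); }`, after checking how that behaves on the frame's initial blank document. `f` is also assigned without `var`, so the closure reads a page-wide global; `var f = document.getElementById("susidnsframe");` keeps it local.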


@ -23,7 +23,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head> <html><head>
<%@include file="css.jsi" %> <%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("Hidden Services Manager")%> <%=intl.title("Hidden Services Manager")%>
<script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script> <script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %> <%@include file="summaryajax.jsi" %>
@ -51,9 +50,11 @@
} }
function setupFrame() { function setupFrame() {
f = document.getElementById("i2ptunnelframe"); f = document.getElementById("i2ptunnelframe");
injectClass(f); f.addEventListener("load", function() {
injectClassSpecific(f); injectClass(f);
resizeFrame(f); injectClassSpecific(f);
resizeFrame(f);
}, true);
} }
</script> </script>
</head><body> </head><body>
@ -62,7 +63,7 @@
<h1><%=intl._t("Hidden Services Manager")%> <span class="newtab"><a href="/i2ptunnel/" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1> <h1><%=intl._t("Hidden Services Manager")%> <span class="newtab"><a href="/i2ptunnel/" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1>
<div class="main" id="tunnelmgr"> <div class="main" id="tunnelmgr">
<iframe src="/i2ptunnel/" width="100%" height="100%" frameborder="0" border="0" name="i2ptunnelframe" id="i2ptunnelframe" onload="setupFrame()" allowtransparency="true"> <iframe src="/i2ptunnel/" width="100%" height="100%" frameborder="0" border="0" name="i2ptunnelframe" id="i2ptunnelframe" allowtransparency="true">
<%=intl._t("Your browser does not support iFrames.")%> <%=intl._t("Your browser does not support iFrames.")%>
&nbsp;<a href="/i2ptunnel/"><%=intl._t("Click here to continue.")%></a> &nbsp;<a href="/i2ptunnel/"><%=intl._t("Click here to continue.")%></a>
</iframe> </iframe>
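Review bot: With `csp-unsafe.jsi` removed, the inline block that defines `setupFrame()` on this page presumably only runs if its `<script>` tag carries the nonce, and that opening tag is outside the visible hunks (the other three pages show `nonce="<%=cspNonce%>"` on theirs). If the tag here lacks it, the stricter policy would block the block and the `setupFrame()` call added in iframed.js would throw. It is worth confirming the tag reads `<script nonce="<%=cspNonce%>" type="text/javascript">` and that no other inline event handlers or `style` attributes remain on this page or in the content it frames.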


@ -36,3 +36,6 @@ function resizeFrame(f) {
f.style.height = totalHeight + "px"; f.style.height = totalHeight + "px";
} }
document.addEventListener("DOMContentLoaded", function() {
setupFrame();
}, true);
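Review bot: The new DOMContentLoaded handler calls `setupFrame()` unconditionally, but that function is defined by each including page rather than in this file. Any page that loads iframed.js without defining it, or whose inline script is blocked by the stricter policy, would hit a ReferenceError here. A guard such as `if (typeof setupFrame === "function") { setupFrame(); }` keeps the shared script safe to include, and a one-line comment above the listener stating the contract (`// each iframed page must define setupFrame()`) would make the dependency visible.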


@ -24,22 +24,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head> <html><head>
<%@include file="css.jsi" %> <%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("torrents")%> <%=intl.title("torrents")%>
<script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script> <script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %> <%@include file="summaryajax.jsi" %>
<script nonce="<%=cspNonce%>" type="text/javascript"> <script nonce="<%=cspNonce%>" type="text/javascript">
function setupFrame() { function setupFrame() {
f = document.getElementById("i2psnarkframe"); f = document.getElementById("i2psnarkframe");
injectClass(f); f.addEventListener("load", function() {
resizeFrame(f); injectClass(f);
resizeFrame(f);
}, true);
} }
</script> </script>
</head><body> </head><body>
<%@include file="summary.jsi" %> <%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Torrent Manager")%> <span class="newtab"><a href="/i2psnark/" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1> <h1><%=intl._t("I2P Torrent Manager")%> <span class="newtab"><a href="/i2psnark/" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1>
<div class="main" id="torrents"> <div class="main" id="torrents">
<iframe src="/i2psnark/" width="100%" height="100%" frameborder="0" border="0" name="i2psnarkframe" id="i2psnarkframe" onload="setupFrame()" allowtransparency="true"> <iframe src="/i2psnark/" width="100%" height="100%" frameborder="0" border="0" name="i2psnarkframe" id="i2psnarkframe" allowtransparency="true">
<%=intl._t("Your browser does not support iFrames.")%> <%=intl._t("Your browser does not support iFrames.")%>
&nbsp;<a href="/i2psnark/"><%=intl._t("Click here to continue.")%></a> &nbsp;<a href="/i2psnark/"><%=intl._t("Click here to continue.")%></a>
</iframe> </iframe>


@ -24,22 +24,23 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head> <html><head>
<%@include file="css.jsi" %> <%@include file="css.jsi" %>
<%@include file="csp-unsafe.jsi" %>
<%=intl.title("webmail")%> <%=intl.title("webmail")%>
<script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script> <script src="/js/iframed.js?<%=net.i2p.CoreVersion.VERSION%>" type="text/javascript"></script>
<%@include file="summaryajax.jsi" %> <%@include file="summaryajax.jsi" %>
<script nonce="<%=cspNonce%>" type="text/javascript"> <script nonce="<%=cspNonce%>" type="text/javascript">
function setupFrame() { function setupFrame() {
f = document.getElementById("susimailframe"); f = document.getElementById("susimailframe");
injectClass(f); f.addEventListener("load", function() {
resizeFrame(f); injectClass(f);
resizeFrame(f);
}, true);
} }
</script> </script>
</head><body> </head><body>
<%@include file="summary.jsi" %> <%@include file="summary.jsi" %>
<h1><%=intl._t("I2P Webmail")%> <span class="newtab"><a href="/susimail/" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1> <h1><%=intl._t("I2P Webmail")%> <span class="newtab"><a href="/susimail/" target="_blank" title="<%=intl._t("Open in new tab")%>"><img src="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/newtab.png" /></a></span></h1>
<div class="main" id="webmail"> <div class="main" id="webmail">
<iframe src="/susimail/" width="100%" height="100%" frameborder="0" border="0" name="susimailframe" id="susimailframe" onload="setupFrame()" allowtransparency="true"> <iframe src="/susimail/" width="100%" height="100%" frameborder="0" border="0" name="susimailframe" id="susimailframe" allowtransparency="true">
<%=intl._t("Your browser does not support iFrames.")%> <%=intl._t("Your browser does not support iFrames.")%>
&nbsp;<a href="/susimail/"><%=intl._t("Click here to continue.")%></a> &nbsp;<a href="/susimail/"><%=intl._t("Click here to continue.")%></a>
</iframe> </iframe>