Goyslop/4chan-x
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Implement sandboxing for sauce links.

Browse Source
This commit is contained in:
ccd0 2015-05-04 02:31:46 -07:00
parent 4615ab3e18
commit cf07089d00
7 changed files with 35 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Gruntfile.coffee
View File

@ -16,13 +16,14 @@ module.exports = (grunt) ->
parts = [] parts = []
text = template text = template
while text while text
if part = text.match /^[^{}]+(?!{)/ if part = text.match /^(?:[^{}\\]|\\.)+(?!{)/
text = text[part[0].length..] text = text[part[0].length..]
context = (context + part[0]) unescaped = part[0].replace /\\(.)/g, '$1'
context = (context + unescaped)
.replace(/(=['"])[^'"<>]*/g, '$1') .replace(/(=['"])[^'"<>]*/g, '$1')
.replace(/(<\w+)( [\w-]+((?=[ >])|=''|=""))*/g, '$1') .replace(/(<\w+)( [\w-]+((?=[ >])|=''|=""))*/g, '$1')
.replace(/^([^'"<>]+|<\/?\w+>)*/, '') .replace(/^([^'"<>]+|<\/?\w+>)*/, '')
parts.push json part[0] parts.push json unescaped
else if part = text.match /^([^}]){([^}`]*)}/ else if part = text.match /^([^}]){([^}`]*)}/
text = text[part[0].length..] text = text[part[0].length..]
unless context is '' or (part[1] is '$' and /\=['"]$/.test context) or part[1] is '?' unless context is '' or (part[1] is '$' and /\=['"]$/.test context) or part[1] is '?'

2
src/General/Config.coffee
View File

@ -669,7 +669,7 @@ Config =
sauces: """ sauces: """
https://www.google.com/searchbyimage?image_url=%IMG https://www.google.com/searchbyimage?image_url=%IMG
http://iqdb.org/?url=%IMG http://iqdb.org/?url=%IMG
http://eye.swfchan.com/search/?q=%name;types:swf http://eye.swfchan.com/search/?q=%name;types:swf;sandbox
#//tineye.com/search?url=%IMG #//tineye.com/search?url=%IMG
#https://www.yandex.com/images/search?rpt=imageview&img_url=%IMG #https://www.yandex.com/images/search?rpt=imageview&img_url=%IMG
#//saucenao.com/search.php?url=%IMG #//saucenao.com/search.php?url=%IMG

3
src/General/Globals.coffee
View File

@ -19,3 +19,6 @@ E.cat = (templates) ->
html = '' html = ''
html += x.innerHTML for x in templates html += x.innerHTML for x in templates
html html
E.url = (content) ->
"data:text/html;charset=utf-8,<!doctype html>#{encodeURIComponent content.innerHTML}"

16
src/General/html/Features/Sandbox.html Normal file
View File

@ -0,0 +1,16 @@
<html><head>
<title>[sb] ${url}</title>
<style>
iframe \{
width: 100vw;
height: 100vh;
border: 0;
\}
body \{
margin: 0;
overflow: hidden;
\}
</style>
</head><body>
<iframe sandbox="allow-forms" src="${url}"></iframe>
</body></html>

1
src/General/html/Settings/Sauce.html
View File

@ -3,6 +3,7 @@
<div>You can specify a display text by appending <code>;text:[text]</code> to the URL.</div> <div>You can specify a display text by appending <code>;text:[text]</code> to the URL.</div>
<div>You can specify the applicable boards by appending <code>;boards:[board1],[board2]</code>.</div> <div>You can specify the applicable boards by appending <code>;boards:[board1],[board2]</code>.</div>
<div>You can specify the applicable file types by appending <code>;types:[extension1],[extension2]</code>.</div> <div>You can specify the applicable file types by appending <code>;types:[extension1],[extension2]</code>.</div>
<div>You can open links with scripts and popups disabled by appending <code>;sandbox</code>.</div>
<ul>These parameters will be replaced by their corresponding values: <ul>These parameters will be replaced by their corresponding values:
<li><code>%TURL</code>: Thumbnail URL.</li> <li><code>%TURL</code>: Thumbnail URL.</li>
<li><code>%URL</code>: Full image URL.</li> <li><code>%URL</code>: Full image URL.</li>

12
src/Images/Sauce.coffee
View File

@ -16,15 +16,18 @@ Sauce =
name: 'Sauce' name: 'Sauce'
cb: @node cb: @node
sandbox: (url) ->
E.url <%= importHTML('Features/Sandbox') %>
createSauceLink: (link, post) -> createSauceLink: (link, post) ->
return null unless link = link.trim() return null unless link = link.trim()
parts = {} parts = {}
for part, i in link.split /;(?=(?:text|boards|types):)/ for part, i in link.split /;(?=(?:text|boards|types|sandbox):?)/
if i is 0 if i is 0
parts['url'] = part parts['url'] = part
else else
m = part.match /^(\w*):(.*)$/ m = part.match /^(\w*):?(.*)$/
parts[m[1]] = m[2] parts[m[1]] = m[2]
parts['text'] or= parts['url'].match(/(\w+)\.\w+\//)?[1] or '?' parts['text'] or= parts['url'].match(/(\w+)\.\w+\//)?[1] or '?'
ext = post.file.url.match(/[^.]*$/)[0] ext = post.file.url.match(/[^.]*$/)[0]
@ -55,8 +58,11 @@ Sauce =
return null unless !parts['boards'] or post.board.ID in parts['boards'].split ',' return null unless !parts['boards'] or post.board.ID in parts['boards'].split ','
return null unless !parts['types'] or ext in parts['types'].split ',' return null unless !parts['types'] or ext in parts['types'].split ','
url = parts['url']
url = Sauce.sandbox url if parts['sandbox']?
a = Sauce.link.cloneNode true a = Sauce.link.cloneNode true
a.href = parts['url'] a.href = url
a.textContent = parts['text'] a.textContent = parts['text']
a.removeAttribute 'target' if /^javascript:/i.test parts['url'] a.removeAttribute 'target' if /^javascript:/i.test parts['url']
a a

2
src/Linkification/Embedding.coffee
View File

@ -185,7 +185,7 @@ Embedding =
el = $.el 'iframe' el = $.el 'iframe'
el.setAttribute 'sandbox', 'allow-scripts' el.setAttribute 'sandbox', 'allow-scripts'
content = <%= html('<html><head><title>${a.dataset.uid}</title></head><body><script src="https://gist.github.com/${a.dataset.uid}.js"></script></body></html>') %> content = <%= html('<html><head><title>${a.dataset.uid}</title></head><body><script src="https://gist.github.com/${a.dataset.uid}.js"></script></body></html>') %>
el.src = "data:text/html;charset=utf-8,<!doctype html>#{encodeURIComponent content.innerHTML}" el.src = E.url content
el el
title: title:
api: (uid) -> "https://api.github.com/gists/#{uid}" api: (uid) -> "https://api.github.com/gists/#{uid}"