simplify logic, adding test cases for all combinations of URLs that are regarded as secure context
This commit is contained in:
parent
61fde53de0
commit
40493dfb3a
4 changed files with 63 additions and 50 deletions
|
@ -4545,20 +4545,17 @@ jQuery.PrivateBin = (function($, RawDeflate) {
|
|||
}
|
||||
|
||||
// filter out actually secure connections over HTTP
|
||||
if (
|
||||
url.hostname.endsWith('.onion') ||
|
||||
url.hostname.endsWith('.i2p')
|
||||
) {
|
||||
return false;
|
||||
for (const tld of ['.onion', '.i2p']) {
|
||||
if (url.hostname.endsWith(tld)) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// whitelist localhost for development
|
||||
if (
|
||||
url.hostname === 'localhost' ||
|
||||
url.hostname === '127.0.0.1' ||
|
||||
url.hostname === '[::1]'
|
||||
) {
|
||||
return false;
|
||||
for (const hostname of ['localhost', '127.0.0.1', '[::1]']) {
|
||||
if (url.hostname === hostname) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// totally INSECURE http protocol!
|
||||
|
|
|
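Review bot: The loopback whitelist matches `localhost` and `127.0.0.1` only by exact string, which is narrower than what browsers treat as a potentially trustworthy origin (the whole 127.0.0.0/8 range and any `*.localhost` name), so a developer on `http://127.0.0.2/` or `http://app.localhost/` still gets the insecure-HTTP warning even though the page is a secure context and WebCrypto is available there. If this check only needs the browser's verdict, `window.isSecureContext` (where defined) is the authoritative signal and would turn both hand-maintained lists into a fallback rather than the rule; otherwise widening the loopback test to `url.hostname === 'localhost' || url.hostname.endsWith('.localhost') || /^127(\.\d{1,3}){3}$/.test(url.hostname)` covers the common cases. As a point of style, both loops are plain membership tests and read more directly as `if (['.onion', '.i2p'].some((tld) => url.hostname.endsWith(tld))) { return false; }` and `if (['localhost', '127.0.0.1', '[::1]'].includes(url.hostname)) { return false; }`. The enclosing function starts before and continues after this hunk, so what `url` is and what the `false` return means to callers is not visible here.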
@ -28,46 +28,62 @@ describe('InitialCheck', function () {
|
|||
return result1 && result2;
|
||||
}
|
||||
),
|
||||
{tests: 1});
|
||||
{tests: 10});
|
||||
});
|
||||
|
||||
it('shows error, if no webcrypto is detected', function () {
|
||||
[true, false].map(
|
||||
function (secureProtocol) {
|
||||
const clean = jsdom('', {
|
||||
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/'
|
||||
});
|
||||
$('body').html(
|
||||
'<html><body><div id="errormessage" class="hidden"></div>'+
|
||||
'<div id="oldnotice" class="hidden"></div></body></html>'
|
||||
);
|
||||
const crypto = window.crypto;
|
||||
window.crypto = null;
|
||||
$.PrivateBin.Alert.init();
|
||||
assert(!$.PrivateBin.InitialCheck.init());
|
||||
assert(secureProtocol === $('#errormessage').hasClass('hidden'));
|
||||
assert(!$('#oldnotice').hasClass('hidden'));
|
||||
window.crypto = crypto;
|
||||
clean();
|
||||
}
|
||||
);
|
||||
});
|
||||
jsc.property(
|
||||
'shows error, if no webcrypto is detected',
|
||||
'bool',
|
||||
jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.elements(['.onion', '.i2p', '']),
|
||||
function (secureProtocol, localhost, domain, tld) {
|
||||
const isDomain = localhost === '',
|
||||
isSecureContext = secureProtocol || !isDomain || tld.length > 0,
|
||||
clean = jsdom('', {
|
||||
'url': (secureProtocol ? 'https' : 'http' ) + '://' +
|
||||
(isDomain ? domain.join('') + tld : localhost) + '/'
|
||||
});
|
||||
$('body').html(
|
||||
'<html><body><div id="errormessage" class="hidden"></div>'+
|
||||
'<div id="oldnotice" class="hidden"></div></body></html>'
|
||||
);
|
||||
const crypto = window.crypto;
|
||||
window.crypto = null;
|
||||
$.PrivateBin.Alert.init();
|
||||
const result1 = !$.PrivateBin.InitialCheck.init(),
|
||||
result2 = isSecureContext === $('#errormessage').hasClass('hidden'),
|
||||
result3 = !$('#oldnotice').hasClass('hidden');
|
||||
window.crypto = crypto;
|
||||
clean();
|
||||
return result1 && result2 && result3;
|
||||
}
|
||||
);
|
||||
|
||||
it('shows error, if HTTP only site is detected', function () {
|
||||
[true, false].map(
|
||||
function (secureProtocol) {
|
||||
const clean = jsdom('', {
|
||||
'url': (secureProtocol ? 'https' : 'http' ) + '://[::1]/'
|
||||
});
|
||||
$('body').html(
|
||||
'<html><body><div id="httpnotice" class="hidden"></div></body></html>'
|
||||
);
|
||||
assert($.PrivateBin.InitialCheck.init());
|
||||
assert(secureProtocol === $('#httpnotice').hasClass('hidden'));
|
||||
clean();
|
||||
}
|
||||
);
|
||||
});
|
||||
jsc.property(
|
||||
'shows error, if HTTP only site is detected',
|
||||
'bool',
|
||||
jsc.elements(['localhost', '127.0.0.1', '[::1]', '']),
|
||||
jsc.nearray(common.jscA2zString()),
|
||||
jsc.elements(['.onion', '.i2p', '']),
|
||||
function (secureProtocol, localhost, domain, tld) {
|
||||
const isDomain = localhost === '',
|
||||
isSecureContext = secureProtocol || !isDomain || tld.length > 0,
|
||||
clean = jsdom('', {
|
||||
'url': (secureProtocol ? 'https' : 'http' ) + '://' +
|
||||
(isDomain ? domain.join('') + tld : localhost) + '/'
|
||||
});
|
||||
$('body').html(
|
||||
'<html><body><div id="httpnotice" class="hidden"></div>'+
|
||||
'</body></html>'
|
||||
);
|
||||
$.PrivateBin.Alert.init();
|
||||
const result1 = $.PrivateBin.InitialCheck.init(),
|
||||
result2 = isSecureContext === $('#httpnotice').hasClass('hidden');
|
||||
clean();
|
||||
return result1 && result2;
|
||||
}
|
||||
);
|
||||
});
|
||||
});
|
||||
|
||||
|
|
|
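Review bot: The generated hostnames mirror the implementation's literal lists exactly (`jsc.elements(['localhost', '127.0.0.1', '[::1]', ''])` and `jsc.elements(['.onion', '.i2p', ''])`), so neither property ever produces a host such as `app.localhost` or `127.0.0.2` that browsers treat as a secure context but that is absent from those lists; both properties would pass unchanged even if the loopback check were too narrow. Adding such hosts to the generator, with `isSecureContext` adjusted to match the intended policy, would make the tests specify the policy rather than restate the code. The `''` element is a sentinel meaning "use a generated domain instead of a loopback host", which is only inferable from `isDomain = localhost === ''`; a comment such as `// '' selects a randomly generated domain instead of a loopback host` next to each generator would help. The `isSecureContext` expression is duplicated verbatim across the two properties and could be one shared helper above `describe`.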
@ -72,7 +72,7 @@ if ($MARKDOWN):
|
|||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3ztSV/4pvPksAzHBo/tSKzDa6wLomQpV6gZgzHCwzS7DgRJ8ckw7oO1sxiNI/H3Imh4wGHFKNaqCkbYU7JTdRA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-V0v5OOCcrMFtPsP9xWbKjoaRBobWrMdKdiDPn1tK8Kq8uzbEOK8tY0JXCbEqVpPyJ3/hVrtfjdXhgGaxeMUj3g==" crossorigin="anonymous"></script>
|
||||
<!--[if IE]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||
<![endif]-->
|
||||
|
|
|
@ -50,7 +50,7 @@ if ($MARKDOWN):
|
|||
endif;
|
||||
?>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/purify-1.0.10.js" integrity="sha512-CqskSFXERL38A1PJP9BlO04me7kmwgDIhN1+k24RoFiisEwXA0BMdm0lzJC7g5jCRZ4k5OYdOJGEqW9CwDl4CA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-3ztSV/4pvPksAzHBo/tSKzDa6wLomQpV6gZgzHCwzS7DgRJ8ckw7oO1sxiNI/H3Imh4wGHFKNaqCkbYU7JTdRA==" crossorigin="anonymous"></script>
|
||||
<script type="text/javascript" data-cfasync="false" src="js/privatebin.js?<?php echo rawurlencode($VERSION); ?>" integrity="sha512-V0v5OOCcrMFtPsP9xWbKjoaRBobWrMdKdiDPn1tK8Kq8uzbEOK8tY0JXCbEqVpPyJ3/hVrtfjdXhgGaxeMUj3g==" crossorigin="anonymous"></script>
|
||||
<!--[if IE]>
|
||||
<style type="text/css">body {padding-left:60px;padding-right:60px;} #ienotice {display:block;}</style>
|
||||
<![endif]-->
|
||||
|
|