summaryrefslogtreecommitdiff
path: root/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
Side-by-side diff
Diffstat (limited to 'frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js') (more/less context) (ignore whitespace changes)
-rw-r--r--frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js22
1 files changed, 15 insertions, 7 deletions
diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
index c0cfa3c..56d9d59 100644
--- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
+++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js
@@ -17,49 +17,49 @@ refer to http://www.clipperz.com.
See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public
License along with Clipperz. If not, see http://www.gnu.org/licenses/.
*/
if (typeof(Clipperz) == 'undefined') { Clipperz = {}; }
if (typeof(Clipperz.PM) == 'undefined') { Clipperz.PM = {}; }
if (typeof(Clipperz.PM.DataModel) == 'undefined') { Clipperz.PM.DataModel = {}; }
//#############################################################################
Clipperz.PM.DataModel.DirectLogin = function(args) {
//MochiKit.Logging.logDebug(">>> new Clipperz.PM.DataModel.DirectLogin");
//console.log(">>> new Clipperz.PM.DataModel.DirectLogin - args: %o", args);
//console.log("--- formData: %s", Clipperz.Base.serializeJSON(args.formData));
args = args || {};
//MochiKit.Logging.logDebug("--- new Clipperz.PM.DataModel.DirectLogin - args: " + Clipperz.Base.serializeJSON(MochiKit.Base.keys(args)));
this._record = args.record || null;
this._label = args.label || "unnamed record"
this._reference = args.reference || Clipperz.PM.Crypto.randomKey();
- this._favicon = args.favicon || null;
+ this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null;
this._bookmarkletVersion = args.bookmarkletVersion || "0.1";
this._directLoginInputs = null;
this._formValues = args.formValues || {};
this.setFormData(args.formData || null);
//console.log("=== formData: %o", this.formData());
if (args.legacyBindingData == null) {
this.setBindingData(args.bindingData || null);
} else {
this.setLegacyBindingData(args.legacyBindingData);
}
this._fixedFavicon = null;
// this._formValues = args.formValues || (this.hasValuesToSet() ? {} : null);
//MochiKit.Logging.logDebug("<<< new Clipperz.PM.DataModel.DirectLogin");
return this;
}
Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
@@ -81,83 +81,91 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
//-------------------------------------------------------------------------
'reference': function() {
return this._reference;
},
//-------------------------------------------------------------------------
'label': function() {
return this._label;
},
'setLabel': function(aValue) {
this._label = aValue;
},
//-------------------------------------------------------------------------
'favicon': function() {
if (this._favicon == null) {
var actionUrl;
var hostname;
- actionUrl = this.formData()['attributes']['action'];
+ actionUrl = this.action();
hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1');
- this._favicon = "http://" + hostname + "/favicon.ico";
+ this._favicon = Clipperz.Base.sanitizeFavicon("http://" + hostname + "/favicon.ico");
}
return this._favicon;
},
//-------------------------------------------------------------------------
'fixedFavicon': function() {
var result;
if (this._fixedFavicon == null) {
result = this.favicon();
if (Clipperz_IEisBroken) {
if (this.user().preferences().disableUnsecureFaviconLoadingForIE()) {
if (result.indexOf('https://') != 0) {
result = Clipperz.PM.Strings['defaultFaviconUrl_IE'];
this.setFixedFavicon(result);
}
}
}
} else {
result = this._fixedFavicon;
}
return result;
},
'setFixedFavicon': function(aValue) {
this._fixedFavicon = aValue;
},
+ 'action': function () {
+ var result;
+
+ result = Clipperz.Base.sanitizeUrl(this.formData()['attributes']['action']);
+
+ return result;
+ },
+
//-------------------------------------------------------------------------
'bookmarkletVersion': function() {
return this._bookmarkletVersion;
},
'setBookmarkletVersion': function(aValue) {
this._bookmarkletVersion = aValue;
},
//-------------------------------------------------------------------------
'formData': function() {
return this._formData;
},
'setFormData': function(aValue) {
var formData;
//MochiKit.Logging.logDebug(">>> DirectLogin.setFormData - " + Clipperz.Base.serializeJSON(aValue));
switch (this.bookmarkletVersion()) {
case "0.2":
formData = aValue;
break;
@@ -421,96 +429,96 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, {
/(^https?\:\/\/)?(.*)/.test(url);
completeUrl = RegExp.$1 + username + ':' + password + '@' + RegExp.$2;
}
MochiKit.DOM.currentWindow().location.href = completeUrl;
}, this));
},
//-------------------------------------------------------------------------
'runSubmitFormDirectLogin': function(aWindow) {
MochiKit.DOM.withWindow(aWindow, MochiKit.Base.bind(function() {
var formElement;
var formSubmitFunction;
var submitButtons;
//MochiKit.Logging.logDebug("### runDirectLogin - 3");
// MochiKit.DOM.currentDocument().write('<html><head><title>' + this.label() + '</title><META http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body></body></html>')
//MochiKit.Logging.logDebug("### runDirectLogin - 3.1");
MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.H3(null, "Loading " + this.label() + " ..."));
//MochiKit.Logging.logDebug("### runDirectLogin - 4");
//console.log(this.formData()['attributes']);
formElement = MochiKit.DOM.FORM(MochiKit.Base.update({id:'directLoginForm'}, { 'method':this.formData()['attributes']['method'],
- 'action':this.formData()['attributes']['action']}));
+ 'action': this.action()}));
//MochiKit.Logging.logDebug("### runDirectLogin - 5");
formSubmitFunction = MochiKit.Base.method(formElement, 'submit');
//MochiKit.Logging.logDebug("### runDirectLogin - 6");
MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body,
MochiKit.DOM.DIV({style:'display:none; visibility:hidden;'}, formElement)
);
//MochiKit.Logging.logDebug("### runDirectLogin - 7");
MochiKit.DOM.appendChildNodes(formElement, MochiKit.Base.map( MochiKit.Base.methodcaller("formConfiguration"),
this.directLoginInputs()));
//MochiKit.Logging.logDebug("### runDirectLogin - 8");
submitButtons = MochiKit.Base.filter(function(anInputElement) {
//MochiKit.Logging.logDebug("### runDirectLogin - 8.1 - " + anInputElement);
//MochiKit.Logging.logDebug("### runDirectLogin - 8.2 - " + anInputElement.tagName);
//MochiKit.Logging.logDebug("### runDirectLogin - 8.3 - " + anInputElement.getAttribute('type'));
return ((anInputElement.tagName.toLowerCase() == 'input') && (anInputElement.getAttribute('type').toLowerCase() == 'submit'));
}, formElement.elements)
//MochiKit.Logging.logDebug("### runDirectLogin - 9");
if (submitButtons.length == 0) {
//MochiKit.Logging.logDebug("### OLD submit")
if (Clipperz_IEisBroken == true) {
//MochiKit.Logging.logDebug("### runDirectLogin - 10");
formElement.submit();
} else {
//MochiKit.Logging.logDebug("### runDirectLogin - 11");
formSubmitFunction();
}
} else {
//MochiKit.Logging.logDebug("### NEW submit")
submitButtons[0].click();
}
}, this));
},
//-------------------------------------------------------------------------
'runDirectLogin': function(aNewWindow) {
var newWindow;
//console.log("formData.attributes", this.formData()['attributes']);
// if (/^javascript/.test(this.formData()['attributes']['action'])) {
- if ((/^(https?|webdav|ftp)\:/.test(this.formData()['attributes']['action']) == false) &&
- (this.formData()['attributes']['type'] != 'http_auth'))
- {
+ if ((/^(https?|webdav|ftp)\:/.test(this.action()) == false) &&
+ (this.formData()['attributes']['type'] != 'http_auth')
+ ) {
var messageBoxConfiguration;
if (typeof(aNewWindow) != 'undefined') {
aNewWindow.close();
}
messageBoxConfiguration = {};
messageBoxConfiguration.title = Clipperz.PM.Strings['VulnerabilityWarning_Panel_title'];
messageBoxConfiguration.msg = Clipperz.PM.Strings['VulnerabilityWarning_Panel_message'];
messageBoxConfiguration.animEl = YAHOO.ext.Element.get("mainDiv");
messageBoxConfiguration.progress = false;
messageBoxConfiguration.closable = false;
messageBoxConfiguration.buttons = {'cancel': Clipperz.PM.Strings['VulnerabilityWarning_Panel_buttonLabel']};
Clipperz.YUI.MessageBox.show(messageBoxConfiguration);
throw Clipperz.Base.exception.VulnerabilityIssue;
}
//MochiKit.Logging.logDebug("### runDirectLogin - 1 : " + Clipperz.Base.serializeJSON(this.serializedData()));
if (typeof(aNewWindow) == 'undefined') {
newWindow = window.open(Clipperz.PM.Strings['directLoginJumpPageUrl'], "");
} else {
newWindow = aNewWindow;