Diffstat (limited to 'frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js') (more/less context) (ignore whitespace changes)
-rw-r--r-- | frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js index c0cfa3c..56d9d59 100644 --- a/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js +++ b/frontend/beta/js/Clipperz/PM/DataModel/DirectLogin.js @@ -33,17 +33,17 @@ Clipperz.PM.DataModel.DirectLogin = function(args) { //console.log(">>> new Clipperz.PM.DataModel.DirectLogin - args: %o", args); //console.log("--- formData: %s", Clipperz.Base.serializeJSON(args.formData)); args = args || {}; //MochiKit.Logging.logDebug("--- new Clipperz.PM.DataModel.DirectLogin - args: " + Clipperz.Base.serializeJSON(MochiKit.Base.keys(args))); this._record = args.record || null; this._label = args.label || "unnamed record" this._reference = args.reference || Clipperz.PM.Crypto.randomKey(); - this._favicon = args.favicon || null; + this._favicon = Clipperz.Base.sanitizeFavicon(args.favicon) || null; this._bookmarkletVersion = args.bookmarkletVersion || "0.1"; this._directLoginInputs = null; this._formValues = args.formValues || {}; this.setFormData(args.formData || null); //console.log("=== formData: %o", this.formData()); @@ -97,19 +97,19 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- 'favicon': function() { if (this._favicon == null) { var actionUrl; var hostname; - actionUrl = this.formData()['attributes']['action']; + actionUrl = this.action(); hostname = actionUrl.replace(/^https?:\/\/([^\/]*)\/.*/, '$1'); - this._favicon = "http://" + hostname + "/favicon.ico"; + this._favicon = Clipperz.Base.sanitizeFavicon("http://" + hostname + "/favicon.ico"); } return this._favicon; }, //------------------------------------------------------------------------- 'fixedFavicon': function() { @@ -132,16 +132,24 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, { return result; }, 'setFixedFavicon': function(aValue) { this._fixedFavicon = aValue; }, + 'action': function () { + var result; + + result = Clipperz.Base.sanitizeUrl(this.formData()['attributes']['action']); + + return result; + }, + //------------------------------------------------------------------------- 'bookmarkletVersion': function() { return this._bookmarkletVersion; }, 'setBookmarkletVersion': function(aValue) { this._bookmarkletVersion = aValue; @@ -437,17 +445,17 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, { //MochiKit.Logging.logDebug("### runDirectLogin - 3"); // MochiKit.DOM.currentDocument().write('<html><head><title>' + this.label() + '</title><META http-equiv="Content-Type" content="text/html; charset=utf-8" /></head><body></body></html>') //MochiKit.Logging.logDebug("### runDirectLogin - 3.1"); MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.H3(null, "Loading " + this.label() + " ...")); //MochiKit.Logging.logDebug("### runDirectLogin - 4"); //console.log(this.formData()['attributes']); formElement = MochiKit.DOM.FORM(MochiKit.Base.update({id:'directLoginForm'}, { 'method':this.formData()['attributes']['method'], - 'action':this.formData()['attributes']['action']})); + 'action': this.action()})); //MochiKit.Logging.logDebug("### runDirectLogin - 5"); formSubmitFunction = MochiKit.Base.method(formElement, 'submit'); //MochiKit.Logging.logDebug("### runDirectLogin - 6"); MochiKit.DOM.appendChildNodes(MochiKit.DOM.currentDocument().body, MochiKit.DOM.DIV({style:'display:none; visibility:hidden;'}, formElement) ); //MochiKit.Logging.logDebug("### runDirectLogin - 7"); @@ -482,19 +490,19 @@ Clipperz.PM.DataModel.DirectLogin.prototype = MochiKit.Base.update(null, { //------------------------------------------------------------------------- 'runDirectLogin': function(aNewWindow) { var newWindow; //console.log("formData.attributes", this.formData()['attributes']); // if (/^javascript/.test(this.formData()['attributes']['action'])) { - if ((/^(https?|webdav|ftp)\:/.test(this.formData()['attributes']['action']) == false) && - (this.formData()['attributes']['type'] != 'http_auth')) - { + if ((/^(https?|webdav|ftp)\:/.test(this.action()) == false) && + (this.formData()['attributes']['type'] != 'http_auth') + ) { var messageBoxConfiguration; if (typeof(aNewWindow) != 'undefined') { aNewWindow.close(); } messageBoxConfiguration = {}; messageBoxConfiguration.title = Clipperz.PM.Strings['VulnerabilityWarning_Panel_title']; |