sandboxed other-origin iframes dont cache css

ed 2023-01-28 23:40:25 +00:00
parent d4c5fca15b
commit c50cb66aef
2 changed files with 41 additions and 9 deletions


@ -158,7 +158,7 @@ class HttpCli(object):
self.out_headerlist: list[tuple[str, str]] = [] self.out_headerlist: list[tuple[str, str]] = []
self.out_headers = { self.out_headers = {
"Vary": "Origin, PW, Cookie", "Vary": "Origin, PW, Cookie",
"Cache-Control": "no-store; max-age=0", "Cache-Control": "no-store, max-age=0",
} }
h = self.args.html_head h = self.args.html_head
if self.args.no_robots: if self.args.no_robots:
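Review bot: The `"Cache-Control"` default in `out_headers` has no comment, and the old `;` separator shows how easily this value can become malformed without anyone noticing. Because `"Vary"` lists `PW` and `Cookie`, these responses appear to be credential-dependent, so it matters that shared caches parse `no-store` as its own directive. I would add a comment above the entry such as `# directives are comma-separated; no-store is the default because responses vary per credential`. Whether any handler overrides this default for static assets is not visible here, and the enclosing method starts and ends outside the hunk.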


@ -6555,6 +6555,37 @@ var msel = (function () {
})(); })();
var globalcss = (function () {
var ret = '';
return function () {
if (ret)
return ret;
var dcs = document.styleSheets;
for (var a = 0; a < dcs.length; a++) {
var base = dcs[a].href,
ds = dcs[a].cssRules;
if (!base)
continue;
base = base.replace(/[^/]+$/, '');
for (var b = 0; b < ds.length; b++) {
var css = ds[b].cssText.split(/\burl\(/g);
ret += css[0];
for (var c = 1; c < css.length; c++) {
var delim = (/^["']/.exec(css[c])) ? css[c].slice(0, 1) : '';
ret += 'url(' + delim + ((css[c].slice(0, 8).indexOf('://') + 1 || css[c].startsWith('/')) ? '' : base) +
css[c].slice(delim ? 1 : 0);
}
ret += '\n';
}
}
return ret;
};
})();
function show_md(md, name, div, url, depth) { function show_md(md, name, div, url, depth) {
var errmsg = L.md_eshow + name + ':\n\n', var errmsg = L.md_eshow + name + ':\n\n',
now = get_evpath(); now = get_evpath();
@ -6649,20 +6680,21 @@ function sandbox(tgt, rules, cls, html) {
} }
clmod(tgt, 'sb', 1); clmod(tgt, 'sb', 1);
var tid = tgt.getAttribute('id'), var tid = tgt.getAttribute('id'),
dcs = document.styleSheets,
hash = location.hash, hash = location.hash,
want = ''; want = '';
if (hash.startsWith('#md-')) if (hash.startsWith('#md-'))
want = hash.slice(1); want = hash.slice(1);
var h2 = '<html class="' + document.documentElement.className + '"><head><base target="_parent">'; html = '<html class="' + document.documentElement.className + '"><head><style>' + globalcss() +
for (var a = 0; a < dcs.length; a++) '</style><base target="_parent"></head><body class="logue ' + cls + '">' + html +
if (dcs[a].href) '<script>setTimeout(function(){var its=0,pih=-1,f=function(){' +
h2 += '<link rel="stylesheet" media="screen" href="' + dcs[a].href + '">'; 'var d=document.documentElement,ih=2+Math.min(parseInt(getComputedStyle(d).height),d.scrollHeight);' +
'if(ih!=pih){pih=ih;window.parent.postMessage("iheight #' + tid + '>iframe "+ih,"*")}' +
html = h2 + '</head><body class="logue ' + cls + '">' + html + 'if(++its<20)return setTimeout(f,20);if(its==20)setInterval(f,200)' +
'<script>setTimeout(function(){var pih=-1;function f(){var d=document.documentElement,ih=2+Math.min(parseInt(getComputedStyle(d).height),d.scrollHeight);if(ih==pih)return;pih=ih;window.parent.postMessage("iheight #' + tid + '>iframe "+ih,"*")};setInterval(f,100);f();var el="' + want + '"&&document.getElementById("' + want + '");if(el)window.parent.postMessage("iscroll #' + tid + ' "+el.offsetTop,"*")},1)</script></body></html>'; '};f();var el="' + want + '"&&document.getElementById("' + want + '");' +
'if(el)window.parent.postMessage("iscroll #' + tid + ' "+el.offsetTop,"*")' +
'},1)</script></body></html>';
var fr = mknod('iframe'); var fr = mknod('iframe');
fr.setAttribute('sandbox', rules ? 'allow-' + rules.replace(/ /g, ' allow-') : ''); fr.setAttribute('sandbox', rules ? 'allow-' + rules.replace(/ /g, ' allow-') : '');