From 65c41975a6dca0610c7dc4454ece9534f3636893 Mon Sep 17 00:00:00 2001 From: toasted-nutbread Date: Mon, 22 Jun 2020 19:26:59 -0400 Subject: Secure popup frame url changes (#622) * Throw error if options is not ready * Remove id * Change unsecurePopupFrameUrl to useSecurePopupFrameUrl --- ext/bg/data/options-schema.json | 6 +++--- ext/bg/js/options.js | 2 +- ext/bg/settings.html | 2 +- ext/fg/js/popup.js | 13 +++++++++---- 4 files changed, 14 insertions(+), 9 deletions(-) (limited to 'ext') diff --git a/ext/bg/data/options-schema.json b/ext/bg/data/options-schema.json index 5885e036..f8791433 100644 --- a/ext/bg/data/options-schema.json +++ b/ext/bg/data/options-schema.json @@ -110,7 +110,7 @@ "showPitchAccentPositionNotation", "showPitchAccentGraph", "showIframePopupsInRootFrame", - "unsecurePopupFrameUrl" + "useSecurePopupFrameUrl" ], "properties": { "enable": { @@ -249,9 +249,9 @@ "type": "boolean", "default": false }, - "unsecurePopupFrameUrl": { + "useSecurePopupFrameUrl": { "type": "boolean", - "default": false + "default": true } } }, diff --git a/ext/bg/js/options.js b/ext/bg/js/options.js index 170e4799..151c945b 100644 --- a/ext/bg/js/options.js +++ b/ext/bg/js/options.js @@ -177,7 +177,7 @@ function profileOptionsCreateDefaults() { showPitchAccentPositionNotation: true, showPitchAccentGraph: false, showIframePopupsInRootFrame: false, - unsecurePopupFrameUrl: false + useSecurePopupFrameUrl: true }, audio: { diff --git a/ext/bg/settings.html b/ext/bg/settings.html index 77b61aef..4de70b7e 100644 --- a/ext/bg/settings.html +++ b/ext/bg/settings.html @@ -183,7 +183,7 @@
- +
diff --git a/ext/fg/js/popup.js b/ext/fg/js/popup.js index 4394a965..3b14d3d0 100644 --- a/ext/fg/js/popup.js +++ b/ext/fg/js/popup.js @@ -326,19 +326,24 @@ class Popup { } async _createInjectPromise() { + if (this._options === null) { + throw new Error('Options not initialized'); + } + + const {useSecurePopupFrameUrl} = this._options.general; + this._injectStyles(); - const unsecurePopupFrameUrl = (this._options !== null && this._options.general.unsecurePopupFrameUrl); const {secret, token} = await this._initializeFrame(this._frame, this._targetOrigin, this._frameId, (frame) => { frame.removeAttribute('src'); frame.removeAttribute('srcdoc'); this._observeFullscreen(true); this._onFullscreenChanged(); const url = chrome.runtime.getURL('/fg/float.html'); - if (unsecurePopupFrameUrl) { - frame.setAttribute('src', url); - } else { + if (useSecurePopupFrameUrl) { frame.contentDocument.location.href = url; + } else { + frame.setAttribute('src', url); } }); this._frameSecret = secret; -- cgit v1.2.3