trix_embed 0.0.2 → 0.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +120 -47
- data/app/assets/builds/trix-embed.js +5 -22
- data/app/assets/builds/trix-embed.metafile.json +1 -1
- data/app/javascript/controller.js +343 -145
- data/app/javascript/enumerable.js +19 -0
- data/app/javascript/forms.js +134 -0
- data/app/javascript/guard.js +29 -47
- data/app/javascript/index.js +9 -3
- data/app/javascript/media.js +12 -2
- data/app/javascript/metadata.js +4 -0
- data/app/javascript/renderer.js +153 -75
- data/app/javascript/store.js +13 -1
- data/app/javascript/templates.js +45 -28
- data/app/javascript/urls.js +57 -42
- data/app/models/trix_embed/attachment.rb +20 -6
- data/app/views/action_text/contents/_content.html.erb +1 -1
- data/lib/trix_embed/engine.rb +1 -1
- data/lib/trix_embed/version.rb +1 -1
- metadata +37 -4
|
@@ -1,180 +1,290 @@
|
|
|
1
|
+
import { sample, shuffle } from './enumerable'
|
|
1
2
|
import { generateKey, encryptValues, decryptValues } from './encryption'
|
|
2
|
-
import {
|
|
3
|
-
|
|
3
|
+
import {
|
|
4
|
+
createURLObject,
|
|
5
|
+
createURLTextNodeTreeWalker,
|
|
6
|
+
extractURLs,
|
|
7
|
+
extractURLFromElement,
|
|
8
|
+
validateURL
|
|
9
|
+
} from './urls'
|
|
10
|
+
import { getMediaType, mediaTags, trixAttachmentTagName, trixEmbedMediaTypes } from './media'
|
|
4
11
|
import Guard from './guard'
|
|
5
12
|
import Store from './store'
|
|
6
13
|
import Renderer from './renderer'
|
|
7
14
|
|
|
8
|
-
|
|
9
|
-
Controller: null,
|
|
10
|
-
Trix: null
|
|
11
|
-
}
|
|
12
|
-
|
|
13
|
-
export function getTrixEmbedControllerClass(options = defaultOptions) {
|
|
15
|
+
export function getTrixEmbedControllerClass(options = { Controller: null, Trix: null }) {
|
|
14
16
|
const { Controller, Trix } = options
|
|
15
17
|
return class extends Controller {
|
|
16
18
|
static values = {
|
|
17
19
|
// templates
|
|
18
|
-
|
|
19
|
-
errorTemplate: String, // dom id of template to use for
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
20
|
+
embeddedTemplate: String, // dom id of template to use for EMBEDDED MEDIA info
|
|
21
|
+
errorTemplate: String, // dom id of template to use for UNEXPECTED ERRORS
|
|
22
|
+
iframeTemplate: String, // dom id of template to use for IFRAME EMBEDS
|
|
23
|
+
imageTemplate: String, // dom id of template to use for IMAGE EMBEDS
|
|
24
|
+
linkTemplate: String, // dom id of template to use for ALLOWED LINKS
|
|
25
|
+
prohibitedTemplate: String, // dom id of template to use for PROHIBITED URLS
|
|
26
|
+
warningTemplate: String, // dom id of template to use when invalid embeds are detected
|
|
23
27
|
|
|
24
28
|
// security related values
|
|
25
|
-
|
|
29
|
+
allowedLinkHosts: Array, // list of hosts/domains that links are allowed from
|
|
30
|
+
blockedLinkHosts: Array, // list of hosts/domains that links are NOT allowed from
|
|
31
|
+
allowedMediaHosts: Array, // list of hosts/domains that media is allowed from
|
|
32
|
+
blockedMediaHosts: Array, // list of hosts/domains that media is NOT allowed from
|
|
26
33
|
paranoid: { type: Boolean, default: true } // guard against attacks
|
|
27
34
|
}
|
|
28
35
|
|
|
29
|
-
|
|
36
|
+
connect() {
|
|
37
|
+
this.onPaste = this.paste.bind(this)
|
|
38
|
+
this.element.addEventListener('trix-paste', this.onPaste, true)
|
|
39
|
+
|
|
40
|
+
// forget config when navigating away
|
|
41
|
+
this.onBeforeFetchResponse = this.beforeFetchResponse.bind(this)
|
|
42
|
+
addEventListener('turbo:before-fetch-response', this.onBeforeFetchResponse, true)
|
|
43
|
+
|
|
44
|
+
// forget config when navigating away
|
|
45
|
+
this.onBeforeUnload = this.forgetConfig.bind(this)
|
|
46
|
+
addEventListener('beforeunload', this.onBeforeUnload, true)
|
|
47
|
+
|
|
30
48
|
this.store = new Store(this)
|
|
31
49
|
this.guard = new Guard(this)
|
|
32
|
-
|
|
33
|
-
if (this.
|
|
34
|
-
|
|
35
|
-
|
|
50
|
+
|
|
51
|
+
if (this.key) return // already configured
|
|
52
|
+
|
|
53
|
+
this.rememberConfig().then(() => {
|
|
54
|
+
if (this.paranoid) this.guard.protect()
|
|
55
|
+
})
|
|
56
|
+
}
|
|
57
|
+
|
|
58
|
+
reconnect() {
|
|
59
|
+
const value = this.element.getAttribute('data-controller') || ''
|
|
60
|
+
const values = new Set(value.split(' '))
|
|
61
|
+
values.add('trix-embed')
|
|
62
|
+
this.element.setAttribute('data-controller', [...values].join(' ').trim())
|
|
36
63
|
}
|
|
37
64
|
|
|
38
65
|
disconnect() {
|
|
39
|
-
|
|
40
|
-
this.
|
|
66
|
+
this.element.removeEventListener('trix-paste', this.onPaste, true)
|
|
67
|
+
removeEventListener('turbo:before-fetch-response', this.onBeforeFetchResponse, true)
|
|
68
|
+
removeEventListener('beforeunload', this.onBeforeUnload, true)
|
|
69
|
+
this.reconnect() // can't get rid of this controller after it's been connected
|
|
70
|
+
}
|
|
71
|
+
|
|
72
|
+
beforeFetchResponse(event) {
|
|
73
|
+
try {
|
|
74
|
+
const editors = event.target.querySelectorAll('trix-editor')
|
|
75
|
+
if (editors.includes(this.element)) this.forgetConfig()
|
|
76
|
+
} catch {}
|
|
41
77
|
}
|
|
42
78
|
|
|
43
79
|
async paste(event) {
|
|
44
|
-
|
|
45
|
-
let content = html || string || ''
|
|
46
|
-
const pastedTemplate = this.buildPastedTemplate(content)
|
|
47
|
-
const pastedElement = pastedTemplate.content.firstElementChild
|
|
48
|
-
const sanitizedPastedElement = this.sanitizePastedElement(pastedElement)
|
|
49
|
-
const sanitizedPastedContent = sanitizedPastedElement.innerHTML.trim()
|
|
50
|
-
const pastedURLs = extractURLsFromElement(pastedElement)
|
|
51
|
-
|
|
52
|
-
// no URLs were pasted, let Trix handle it ...............................................................
|
|
53
|
-
if (!pastedURLs.length) return
|
|
54
|
-
|
|
55
|
-
event.preventDefault()
|
|
56
|
-
this.editor.setSelectedRange(range)
|
|
57
|
-
const hosts = await this.hosts
|
|
58
|
-
const renderer = new Renderer(this)
|
|
80
|
+
if (this.formElement) this.formElement.trixEmbedPasting = true
|
|
59
81
|
|
|
60
82
|
try {
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
const
|
|
72
|
-
|
|
83
|
+
const { html, string, range } = event.paste
|
|
84
|
+
let content = html || string || ''
|
|
85
|
+
const pastedElement = this.createTemplateElement(content)
|
|
86
|
+
const pastedURLs = extractURLs(pastedElement)
|
|
87
|
+
|
|
88
|
+
// no URLs were pasted, let Trix handle it .............................................................
|
|
89
|
+
if (!pastedURLs.length) return
|
|
90
|
+
|
|
91
|
+
event.preventDefault()
|
|
92
|
+
this.editor.setSelectedRange(range)
|
|
93
|
+
const renderer = new Renderer(this)
|
|
94
|
+
|
|
95
|
+
try {
|
|
96
|
+
// Media URLs (images, videos, audio etc.)
|
|
97
|
+
const allowedMediaHosts = await this.allowedMediaHosts
|
|
98
|
+
const blockedMediaHosts = await this.blockedMediaHosts
|
|
99
|
+
let mediaURLs = new Set(pastedURLs.filter(url => getMediaType(url)))
|
|
100
|
+
const iframes = [...pastedElement.querySelectorAll('iframe')]
|
|
101
|
+
iframes.forEach(frame => mediaURLs.add(frame.src))
|
|
102
|
+
mediaURLs = [...mediaURLs]
|
|
103
|
+
const validMediaURLs = mediaURLs.filter(url =>
|
|
104
|
+
validateURL(url, allowedMediaHosts, blockedMediaHosts)
|
|
105
|
+
)
|
|
106
|
+
const invalidMediaURLs = mediaURLs.filter(url => !validMediaURLs.includes(url))
|
|
107
|
+
|
|
108
|
+
// Link URLs (non-media resources i.e. web pages etc.)
|
|
109
|
+
const allowedLinkHosts = await this.allowedLinkHosts
|
|
110
|
+
const blockedLinkHosts = await this.blockedLinkHosts
|
|
111
|
+
const linkURLs = pastedURLs.filter(url => !mediaURLs.includes(url))
|
|
112
|
+
const validLinkURLs = linkURLs.filter(url => validateURL(url, allowedLinkHosts, blockedLinkHosts))
|
|
113
|
+
const invalidLinkURLs = linkURLs.filter(url => !validLinkURLs.includes(url))
|
|
114
|
+
|
|
115
|
+
// 1. render warnings ................................................................................
|
|
116
|
+
if (invalidMediaURLs.length || invalidLinkURLs.length) {
|
|
117
|
+
const invalidURLs = [...new Set([...invalidMediaURLs, ...invalidLinkURLs])]
|
|
118
|
+
const allowedHosts = [...new Set([...allowedMediaHosts, ...allowedLinkHosts])].filter(
|
|
119
|
+
host => !this.reservedDomains.includes(host)
|
|
120
|
+
)
|
|
121
|
+
const blockedHosts = [...new Set([...blockedMediaHosts, ...blockedLinkHosts])].filter(
|
|
122
|
+
host => !this.reservedDomains.includes(host)
|
|
123
|
+
)
|
|
124
|
+
console.log('allowedHosts', allowedHosts)
|
|
125
|
+
console.log('blockedHosts', blockedHosts)
|
|
126
|
+
await this.insert(renderer.renderWarnings(invalidURLs, allowedHosts, blockedHosts))
|
|
127
|
+
}
|
|
128
|
+
|
|
129
|
+
// 2. render valid media urls (i.e. embeds) ..........................................................
|
|
130
|
+
if (validMediaURLs.length) await this.insert(renderer.renderEmbeds(validMediaURLs))
|
|
131
|
+
|
|
132
|
+
// 3. exit early if there is only 1 URL and it's a valid media URL (i.e. a single embed) .............
|
|
133
|
+
if (pastedURLs.length === 1 && validMediaURLs.length === 1) return
|
|
134
|
+
|
|
135
|
+
// 4. render the pasted content as HTML .............................................................
|
|
136
|
+
const sanitizedPastedElement = this.sanitizePastedElement(pastedElement, {
|
|
137
|
+
renderer,
|
|
138
|
+
validMediaURLs,
|
|
139
|
+
validLinkURLs
|
|
140
|
+
})
|
|
141
|
+
const sanitizedPastedContent = sanitizedPastedElement.innerHTML.trim()
|
|
142
|
+
if (sanitizedPastedContent.length)
|
|
143
|
+
await this.insert(sanitizedPastedContent, { disposition: 'inline' })
|
|
144
|
+
} catch (e) {
|
|
145
|
+
this.insert(renderer.renderError(e))
|
|
146
|
+
}
|
|
147
|
+
} finally {
|
|
148
|
+
if (this.formElement) delete this.formElement.trixEmbedPasting
|
|
149
|
+
}
|
|
150
|
+
}
|
|
73
151
|
|
|
74
|
-
|
|
152
|
+
createTemplateElement(content) {
|
|
153
|
+
const template = document.createElement('template')
|
|
154
|
+
template.innerHTML = `<div>${content.trim()}</div>`
|
|
155
|
+
return template.content.firstElementChild
|
|
156
|
+
}
|
|
75
157
|
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
158
|
+
extractLabelFromElement(el, options = { default: null }) {
|
|
159
|
+
let value = el.title
|
|
160
|
+
if (value && value.length) return value
|
|
79
161
|
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
if (urls.length) {
|
|
83
|
-
await this.insert(renderer.renderHeader('Pasted URLs'))
|
|
84
|
-
await this.insert(renderer.renderLinks(urls), { disposition: 'inline' })
|
|
85
|
-
}
|
|
162
|
+
value = el.textContent.trim()
|
|
163
|
+
if (value && value.length) return value
|
|
86
164
|
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
if (urls.length) {
|
|
90
|
-
if (urls.length > 1) await this.insert(renderer.renderHeader('Embedded Media'))
|
|
91
|
-
await this.insert(renderer.renderEmbeds(urls))
|
|
92
|
-
}
|
|
165
|
+
return options.default
|
|
166
|
+
}
|
|
93
167
|
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
if (urls.length) await this.insert(renderer.renderEmbeds(validStandardURLs))
|
|
168
|
+
sanitizePastedElement(element, options = { renderer: null, validMediaURLs: [], validLinkURLs: [] }) {
|
|
169
|
+
const { renderer, validMediaURLs, validLinkURLs } = options
|
|
97
170
|
|
|
98
|
-
|
|
99
|
-
if (validMediaURLs[0] === sanitizedPastedContent || validStandardURLs[0] === sanitizedPastedContent)
|
|
100
|
-
return this.editor.insertLineBreak()
|
|
171
|
+
element = element.cloneNode(true)
|
|
101
172
|
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
173
|
+
// sanitize text nodes
|
|
174
|
+
const walker = createURLTextNodeTreeWalker(element)
|
|
175
|
+
const textNodes = []
|
|
176
|
+
let textNode
|
|
177
|
+
while ((textNode = walker.nextNode())) {
|
|
178
|
+
textNode.replacements = textNode.replacements || new Set()
|
|
179
|
+
textNodes.push(textNode)
|
|
180
|
+
|
|
181
|
+
const words = textNode.nodeValue.split(/\s+/)
|
|
182
|
+
const matches = words.filter(word => word.startsWith('http'))
|
|
183
|
+
|
|
184
|
+
matches.forEach(match => {
|
|
185
|
+
const url = createURLObject(match)?.href
|
|
186
|
+
const replacement =
|
|
187
|
+
validLinkURLs.includes(url) || validLinkURLs.includes(url)
|
|
188
|
+
? renderer.render('link', { url, label: url })
|
|
189
|
+
: renderer.render('prohibited', { url, label: 'Prohibited URL:', description: '' })
|
|
190
|
+
textNode.replacements.add({ match, replacement })
|
|
191
|
+
})
|
|
110
192
|
}
|
|
111
|
-
|
|
193
|
+
textNodes.forEach(node => {
|
|
194
|
+
if (!node.replacements.size) return
|
|
195
|
+
let content = node.nodeValue
|
|
196
|
+
// sort by length to replace the most specific matches first
|
|
197
|
+
const replacements = [...node.replacements].sort((a, b) => b.match.length - a.match.length)
|
|
198
|
+
replacements.forEach(entry => (content = content.replaceAll(entry.match, entry.replacement)))
|
|
199
|
+
node.replaceWith(this.createTemplateElement(content))
|
|
200
|
+
})
|
|
112
201
|
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
202
|
+
// sanitize anchor tags
|
|
203
|
+
element.querySelectorAll('a').forEach(el => {
|
|
204
|
+
const url = extractURLFromElement(el)
|
|
205
|
+
const label = this.extractLabelFromElement(el, { default: url })
|
|
206
|
+
const replacement = validLinkURLs.includes(url)
|
|
207
|
+
? renderer.render('link', { url, label })
|
|
208
|
+
: renderer.render('prohibited', { url, label: 'Prohibited Link:', description: `(${label})` })
|
|
209
|
+
el.replaceWith(this.createTemplateElement(replacement))
|
|
210
|
+
})
|
|
118
211
|
|
|
119
|
-
|
|
120
|
-
element
|
|
121
|
-
|
|
212
|
+
// sanitize media tags
|
|
213
|
+
element.querySelectorAll(mediaTags.join(', ')).forEach(el => {
|
|
214
|
+
const url = extractURLFromElement(el)
|
|
215
|
+
const label = this.extractLabelFromElement(el, { default: url })
|
|
122
216
|
|
|
123
|
-
|
|
124
|
-
|
|
217
|
+
const replacement = validMediaURLs.includes(url)
|
|
218
|
+
? renderer.render('embedded', { url, label: 'Allowed Media:', description: '(Embedded Above)' })
|
|
219
|
+
: renderer.render('prohibited', { url, label: 'Prohibited Media:', description: '' })
|
|
125
220
|
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
221
|
+
el.replaceWith(this.createTemplateElement(replacement))
|
|
222
|
+
})
|
|
223
|
+
|
|
224
|
+
// sanitize newlines (best effort)
|
|
225
|
+
element.innerHTML.replaceAll(/(\n|\r|\f|\v)+/g, '<br>')
|
|
129
226
|
|
|
130
227
|
return element
|
|
131
228
|
}
|
|
132
229
|
|
|
133
|
-
|
|
230
|
+
createAttachment(content) {
|
|
231
|
+
return new Trix.Attachment({ content, contentType: trixEmbedMediaTypes.attachment })
|
|
232
|
+
}
|
|
233
|
+
|
|
234
|
+
insertNewlines(count = 1, options = { delay: 1 }) {
|
|
134
235
|
const { delay } = options
|
|
135
236
|
return new Promise(resolve => {
|
|
136
237
|
setTimeout(() => {
|
|
137
|
-
|
|
138
|
-
this.editor.insertAttachment(attachment)
|
|
238
|
+
for (let i = 0; i < count; i++) this.editor.insertLineBreak()
|
|
139
239
|
resolve()
|
|
140
240
|
}, delay)
|
|
141
241
|
})
|
|
142
242
|
}
|
|
143
243
|
|
|
144
|
-
|
|
244
|
+
insertAttachment(content, options = { delay: 1 }) {
|
|
245
|
+
const { delay } = options
|
|
246
|
+
return new Promise(resolve => {
|
|
247
|
+
setTimeout(() => {
|
|
248
|
+
this.editor.insertAttachment(this.createAttachment(content))
|
|
249
|
+
this.insertNewlines(1, { delay: delay }).finally(resolve)
|
|
250
|
+
}, delay)
|
|
251
|
+
})
|
|
252
|
+
}
|
|
253
|
+
|
|
254
|
+
insertHTML(content, options = { delay: 1 }) {
|
|
145
255
|
const { delay } = options
|
|
146
256
|
return new Promise(resolve => {
|
|
147
257
|
setTimeout(() => {
|
|
148
258
|
this.editor.insertHTML(content)
|
|
149
|
-
|
|
150
|
-
this.editor.moveCursorInDirection('forward')
|
|
151
|
-
this.editor.insertLineBreak()
|
|
152
|
-
this.editor.moveCursorInDirection('backward')
|
|
153
|
-
resolve()
|
|
259
|
+
this.insertNewlines(1, { delay }).finally(resolve)
|
|
154
260
|
}, delay)
|
|
155
261
|
})
|
|
156
262
|
}
|
|
157
263
|
|
|
158
|
-
insert(content, options = { delay:
|
|
159
|
-
|
|
264
|
+
insert(content, options = { delay: 1, disposition: 'attachment' }) {
|
|
265
|
+
let { delay, disposition } = options
|
|
160
266
|
|
|
161
267
|
if (content?.length) {
|
|
162
268
|
return new Promise(resolve => {
|
|
163
269
|
setTimeout(() => {
|
|
164
270
|
if (typeof content === 'string') {
|
|
165
|
-
|
|
166
|
-
|
|
271
|
+
return disposition === 'inline'
|
|
272
|
+
? this.insertHTML(content, { delay })
|
|
273
|
+
.catch(e => this.renderError(e))
|
|
274
|
+
.finally(resolve)
|
|
275
|
+
: this.insertAttachment(content, { delay })
|
|
276
|
+
.catch(e => this.renderError(e))
|
|
277
|
+
.finally(resolve)
|
|
167
278
|
}
|
|
168
279
|
|
|
169
280
|
if (Array.isArray(content)) {
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
.
|
|
173
|
-
.
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
.then(resolve)
|
|
281
|
+
const promises =
|
|
282
|
+
disposition === 'inline'
|
|
283
|
+
? content.map(c => this.insertHTML(c, { delay: delay + 1 }))
|
|
284
|
+
: content.map(c => this.insertAttachment(c, { delay: delay + 1 }))
|
|
285
|
+
return Promise.all(promises)
|
|
286
|
+
.catch(e => this.renderError(e))
|
|
287
|
+
.finally(resolve)
|
|
178
288
|
}
|
|
179
289
|
|
|
180
290
|
resolve()
|
|
@@ -185,27 +295,31 @@ export function getTrixEmbedControllerClass(options = defaultOptions) {
|
|
|
185
295
|
return Promise.resolve()
|
|
186
296
|
}
|
|
187
297
|
|
|
188
|
-
// Returns the Trix editor
|
|
189
|
-
//
|
|
190
|
-
// @returns {TrixEditor}
|
|
191
|
-
//
|
|
192
298
|
get editor() {
|
|
193
299
|
return this.element.editor
|
|
194
300
|
}
|
|
195
301
|
|
|
196
302
|
get toolbarElement() {
|
|
197
|
-
const
|
|
198
|
-
|
|
199
|
-
}
|
|
303
|
+
const id = this.element.getAttribute('toolbar')
|
|
304
|
+
let toolbar = id ? document.getElementById(id) : null
|
|
200
305
|
|
|
201
|
-
|
|
202
|
-
|
|
306
|
+
if (!toolbar) {
|
|
307
|
+
const sibling = this.element.previousElementSibling
|
|
308
|
+
toolbar = sibling?.tagName.match(/trix-toolbar/i) ? sibling : null
|
|
309
|
+
}
|
|
310
|
+
|
|
311
|
+
return toolbar
|
|
203
312
|
}
|
|
204
313
|
|
|
205
314
|
get formElement() {
|
|
206
315
|
return this.element.closest('form')
|
|
207
316
|
}
|
|
208
317
|
|
|
318
|
+
get inputElement() {
|
|
319
|
+
const id = this.element.getAttribute('input')
|
|
320
|
+
return id ? this.formElement?.querySelector(`#${id}`) : null
|
|
321
|
+
}
|
|
322
|
+
|
|
209
323
|
get paranoid() {
|
|
210
324
|
return !!this.store.read('paranoid')
|
|
211
325
|
}
|
|
@@ -213,42 +327,126 @@ export function getTrixEmbedControllerClass(options = defaultOptions) {
|
|
|
213
327
|
get key() {
|
|
214
328
|
try {
|
|
215
329
|
return JSON.parse(this.store.read('key'))[2]
|
|
216
|
-
} catch {}
|
|
217
|
-
}
|
|
218
|
-
|
|
219
|
-
get hosts() {
|
|
220
|
-
try {
|
|
221
|
-
return decryptValues(this.key, JSON.parse(this.store.read('hosts')))
|
|
222
330
|
} catch {
|
|
223
|
-
return
|
|
331
|
+
return null
|
|
224
332
|
}
|
|
225
333
|
}
|
|
226
334
|
|
|
335
|
+
get hostsValueDescriptors() {
|
|
336
|
+
return Object.values(this.valueDescriptorMap).filter(descriptor =>
|
|
337
|
+
descriptor.name.endsWith('HostsValue')
|
|
338
|
+
)
|
|
339
|
+
}
|
|
340
|
+
|
|
227
341
|
get reservedDomains() {
|
|
228
|
-
return [
|
|
342
|
+
return [
|
|
343
|
+
'embed.example',
|
|
344
|
+
'embed.invalid',
|
|
345
|
+
'embed.local',
|
|
346
|
+
'embed.localhost',
|
|
347
|
+
'embed.test',
|
|
348
|
+
'trix.embed.example',
|
|
349
|
+
'trix.embed.invalid',
|
|
350
|
+
'trix.embed.local',
|
|
351
|
+
'trix.embed.localhost',
|
|
352
|
+
'trix.embed.test',
|
|
353
|
+
'trix.example',
|
|
354
|
+
'trix.invalid',
|
|
355
|
+
'trix.local',
|
|
356
|
+
'trix.localhost',
|
|
357
|
+
'trix.test',
|
|
358
|
+
'www.embed.example',
|
|
359
|
+
'www.embed.invalid',
|
|
360
|
+
'www.embed.local',
|
|
361
|
+
'www.embed.localhost',
|
|
362
|
+
'www.embed.test',
|
|
363
|
+
'www.trix.example',
|
|
364
|
+
'www.trix.invalid',
|
|
365
|
+
'www.trix.local',
|
|
366
|
+
'www.trix.localhost',
|
|
367
|
+
'www.trix.test'
|
|
368
|
+
]
|
|
229
369
|
}
|
|
230
370
|
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
const hosts = await encryptValues(key, this.hostsValue)
|
|
371
|
+
rememberConfig() {
|
|
372
|
+
return new Promise(async resolve => {
|
|
373
|
+
let fakes
|
|
235
374
|
|
|
236
|
-
|
|
237
|
-
|
|
375
|
+
// encryption key
|
|
376
|
+
const key = await generateKey()
|
|
377
|
+
fakes = await encryptValues(key, sample(this.reservedDomains, 3))
|
|
378
|
+
this.store.write('key', JSON.stringify([fakes[0], fakes[1], key, fakes[2]]))
|
|
238
379
|
|
|
239
|
-
|
|
240
|
-
|
|
380
|
+
// paranoid
|
|
381
|
+
if (this.paranoidValue !== false) {
|
|
382
|
+
fakes = await encryptValues(key, sample(this.reservedDomains, 4))
|
|
383
|
+
this.store.write('paranoid', JSON.stringify(fakes))
|
|
384
|
+
}
|
|
385
|
+
this.element.removeAttribute('data-trix-embed-paranoid-value')
|
|
386
|
+
|
|
387
|
+
// host lists
|
|
388
|
+
//
|
|
389
|
+
// - allowedLinkHosts
|
|
390
|
+
// - blockedLinkHosts
|
|
391
|
+
// - allowedMediaHosts
|
|
392
|
+
// - blockedMediaHosts
|
|
393
|
+
// - etc.
|
|
394
|
+
//
|
|
395
|
+
this.hostsValueDescriptors.forEach(async descriptor => {
|
|
396
|
+
const { name } = descriptor
|
|
397
|
+
const property = name.slice(0, name.lastIndexOf('Value'))
|
|
398
|
+
|
|
399
|
+
let value = this[name]
|
|
400
|
+
|
|
401
|
+
// ensure minimum length to help with security-through-obscurity
|
|
402
|
+
if (value.length < 4) value = value.concat(sample(this.reservedDomains, 4 - value.length))
|
|
403
|
+
|
|
404
|
+
// store the property value
|
|
405
|
+
this.store.write(property, JSON.stringify(await encryptValues(key, value)))
|
|
406
|
+
|
|
407
|
+
// create the property getter (returns a promise)
|
|
408
|
+
if (!this.hasOwnProperty(property)) {
|
|
409
|
+
Object.defineProperty(this, property, {
|
|
410
|
+
get: async () => {
|
|
411
|
+
try {
|
|
412
|
+
const hosts = await decryptValues(this.key, JSON.parse(this.store.read(property)))
|
|
413
|
+
return hosts.filter(host => !this.reservedDomains.includes(host))
|
|
414
|
+
} catch (error) {
|
|
415
|
+
console.error(`Failed to get '${property}'!`, error)
|
|
416
|
+
return []
|
|
417
|
+
}
|
|
418
|
+
}
|
|
419
|
+
})
|
|
420
|
+
}
|
|
421
|
+
|
|
422
|
+
// cleanup the dom
|
|
423
|
+
this.element.removeAttribute(`data-trix-embed-${descriptor.key}`)
|
|
424
|
+
})
|
|
241
425
|
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
this.
|
|
245
|
-
|
|
426
|
+
// more security-through-obscurity
|
|
427
|
+
fakes = await encryptValues(key, sample(this.reservedDomains, 4))
|
|
428
|
+
this.store.write('securityHosts', fakes)
|
|
429
|
+
fakes = await encryptValues(key, sample(this.reservedDomains, 4))
|
|
430
|
+
this.store.write('obscurityHosts', fakes)
|
|
431
|
+
|
|
432
|
+
resolve()
|
|
433
|
+
})
|
|
246
434
|
}
|
|
247
435
|
|
|
248
436
|
forgetConfig() {
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
437
|
+
try {
|
|
438
|
+
this.store?.remove('key')
|
|
439
|
+
this.store?.remove('paranoid')
|
|
440
|
+
|
|
441
|
+
this.hostsValueDescriptors.forEach(async descriptor => {
|
|
442
|
+
const { name } = descriptor
|
|
443
|
+
const property = name.slice(0, name.lastIndexOf('Value'))
|
|
444
|
+
this.store?.remove(property)
|
|
445
|
+
})
|
|
446
|
+
|
|
447
|
+
this.store?.remove('securityHosts')
|
|
448
|
+
this.store?.remove('obscurityHosts')
|
|
449
|
+
} catch {}
|
|
252
450
|
}
|
|
253
451
|
}
|
|
254
452
|
}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
const random = cap => Math.floor(Math.random() * cap)
|
|
2
|
+
|
|
3
|
+
export const sample = (object, count = null) => {
|
|
4
|
+
const array = [...object]
|
|
5
|
+
if (count === 'all') count = array.length
|
|
6
|
+
const cap = array.length
|
|
7
|
+
const result = []
|
|
8
|
+
const indexes = new Set()
|
|
9
|
+
while (result.length < count) {
|
|
10
|
+
let i = random(cap)
|
|
11
|
+
while (indexes.has(i)) i = random(cap)
|
|
12
|
+
indexes.add(i)
|
|
13
|
+
result.push(array[i])
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
return typeof count === 'number' ? result : result[0]
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
export const shuffle = object => sample(object, 'all')
|