oci/zeronet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

New NOSANDBOX permission to remove sandboxed iframe restrictions

Browse source
This commit is contained in:
shortcutme 2018-02-21 03:12:51 +01:00
parent aef3ecc3f2
commit 6afe2dd720
No known key found for this signature in database
GPG key ID: 5B63BAE6CB9613AE
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/Ui/UiRequest.py
View file

@ -368,6 +368,10 @@ class UiRequest(object):
sandbox_permissions = "" sandbox_permissions = ""
if "NOSANDBOX" in site.settings["permissions"]:
sandbox_permissions += " allow-same-origin"
if show_loadingscreen is None: if show_loadingscreen is None:
show_loadingscreen = not site.storage.isFile(file_inner_path) show_loadingscreen = not site.storage.isFile(file_inner_path)
@ -448,6 +452,7 @@ class UiRequest(object):
address = path_parts["address"] address = path_parts["address"]
file_path = "%s/%s/%s" % (config.data_dir, address, path_parts["inner_path"]) file_path = "%s/%s/%s" % (config.data_dir, address, path_parts["inner_path"])
if config.debug and file_path.split("/")[-1].startswith("all."): if config.debug and file_path.split("/")[-1].startswith("all."):
# If debugging merge *.css to all.css and *.js to all.js # If debugging merge *.css to all.css and *.js to all.js
site = self.server.sites.get(address) site = self.server.sites.get(address)

2
src/Ui/UiWebsocket.py
View file

@ -760,6 +760,8 @@ class UiWebsocket(object):
def actionPermissionDetails(self, to, permission): def actionPermissionDetails(self, to, permission):
if permission == "ADMIN": if permission == "ADMIN":
self.response(to, _["Modify your client's configuration and access all site"] + " <span style='color: red'>" + _["(Dangerous!)"] + "</span>") self.response(to, _["Modify your client's configuration and access all site"] + " <span style='color: red'>" + _["(Dangerous!)"] + "</span>")
elif permission == "NOSANDBOX":
self.response(to, _["Full access to site data, cookie and local storage of all site."])
else: else:
self.response(to, "") self.response(to, "")