cookies: Use js-cookie to read and write cookies

Rather than reinvent the wheel, use a well-tested library to parse and
write cookies. This should also help prevent XSS vulnerabilities,
because the library handles special characters such as the semicolon.
Richard Hansen 2020-10-02 18:43:12 -04:00 committed by John McLear
parent d55edebddd
commit 3ab0f30ac8
9 changed files with 54 additions and 96 deletions


@ -30,6 +30,7 @@ require('./jquery');
require('./farbtastic');
require('./excanvas');
const Cookies = require('./pad_utils').Cookies;
var chat = require('./chat').chat;
var getCollabClient = require('./collab_client').getCollabClient;
var padconnectionstatus = require('./pad_connectionstatus').padconnectionstatus;
@ -42,8 +43,6 @@ var padsavedrevs = require('./pad_savedrevs');
var paduserlist = require('./pad_userlist').paduserlist;
var padutils = require('./pad_utils').padutils;
var colorutils = require('./colorutils').colorutils;
var createCookie = require('./pad_utils').createCookie;
var readCookie = require('./pad_utils').readCookie;
var randomString = require('./pad_utils').randomString;
var gritter = require('./gritter').gritter;
@ -83,7 +82,7 @@ var getParameters = [
{ name: "rtl", checkVal: "true", callback: function(val) { settings.rtlIsTrue = true } },
{ name: "alwaysShowChat", checkVal: "true", callback: function(val) { if(!settings.hideChat) chat.stickToScreen(); } },
{ name: "chatAndUsers", checkVal: "true", callback: function(val) { chat.chatAndUsers(); } },
{ name: "lang", checkVal: null, callback: function(val) { window.html10n.localize([val, 'en']); createCookie('language', val); } }
{ name: "lang", checkVal: null, callback: function(val) { window.html10n.localize([val, 'en']); Cookies.set('language', val); } },
];
function getParams()
@ -130,7 +129,7 @@ function getUrlVars()
function savePassword()
{
//set the password cookie
createCookie("password",$("#passwordinput").val(),null,document.location.pathname);
Cookies.set('password', $('#passwordinput').val(), {path: document.location.pathname});
//reload
document.location=document.location;
return false;
@ -149,25 +148,21 @@ function sendClientReady(isReconnect, messageType)
document.title = padId.replace(/_+/g, ' ') + " | " + title;
}
var token = readCookie("token");
let token = Cookies.get('token');
if (token == null)
{
token = "t." + randomString();
createCookie("token", token, 60);
Cookies.set('token', token, {expires: 60});
}
var encodedSessionID = readCookie('sessionID');
var sessionID = encodedSessionID == null ? null : decodeURIComponent(encodedSessionID);
var password = readCookie("password");
var msg = {
"component": "pad",
"type": messageType,
"padId": padId,
"sessionID": sessionID,
"password": password,
"token": token,
"protocolVersion": 2
const msg = {
component: 'pad',
type: messageType,
padId: padId,
sessionID: Cookies.get('sessionID'),
password: Cookies.get('password'),
token: token,
protocolVersion: 2
};
// this is a reconnect, lets tell the server our revisionnumber
@ -456,7 +451,6 @@ var pad = {
{
pad.collabClient.sendClientMessage(msg);
},
createCookie: createCookie,
init: function()
{
@ -957,8 +951,6 @@ var settings = {
pad.settings = settings;
exports.baseURL = '';
exports.settings = settings;
exports.createCookie = createCookie;
exports.readCookie = readCookie;
exports.randomString = randomString;
exports.getParams = getParams;
exports.getUrlVars = getUrlVars;
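Review bot: The password cookie written in savePassword (`Cookies.set('password', ...)`) and the token cookie written in sendClientReady (`Cookies.set('token', token, {expires: 60})`) carry no `secure` attribute, so a credential and a session token are still sent over plain HTTP; js-cookie takes it in the same options object, e.g. `Cookies.set('password', $('#passwordinput').val(), {path: document.location.pathname, secure: location.protocol === 'https:'})`, and `sameSite` can be added the same way where the installed js-cookie version supports it. Separately, `Cookies.get` returns `undefined` for an absent cookie, whereas the removed readCookie evidently returned `null` (the old `encodedSessionID == null ? null : ...` guard), so `sessionID` and `password` in the client-ready message are now dropped from the serialized message instead of being sent as `null`; if the server distinguishes a missing key from `null`, normalize with `sessionID: Cookies.get('sessionID') ?? null` (or an explicit `== null` check if the build target predates `??`). The old token cookie was written without a path argument and js-cookie defaults the path to `/`; the previous createCookie default is not visible in this diff, so confirm the token cookie scope has not widened.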