kopia lustrzana https://github.com/backface/turtlestitch
Disable JS-Functions to protect users from malicious scripts
commented out for nowpull/29/head
jmoenig
rodzic
81a0d30032
commit
1ecb97a972
16
gui.js
16
gui.js
|
|
@ -72,7 +72,7 @@ isRetinaSupported, SliderMorph, Animation*/
|
|||
|
||||
// Global stuff ////////////////////////////////////////////////////////
|
||||
|
||||
modules.gui = '2016-December-25';
|
||||
modules.gui = '2016-December-27';
|
||||
|
||||
// Declarations
|
||||
|
||||
|
|
@ -2411,6 +2411,20 @@ IDE_Morph.prototype.settingsMenu = function () {
|
|||
);
|
||||
}
|
||||
menu.addLine();
|
||||
/*
|
||||
addPreference(
|
||||
'JavaScript',
|
||||
function () {
|
||||
Process.prototype.enableJS = !Process.prototype.enableJS;
|
||||
myself.currentSprite.blocksCache.operators = null;
|
||||
myself.currentSprite.paletteCache.operators = null;
|
||||
myself.refreshPalette();
|
||||
},
|
||||
Process.prototype.enableJS,
|
||||
'uncheck to disable support for\nnative JavaScript functions',
|
||||
'check to support\nnative JavaScript functions'
|
||||
);
|
||||
*/
|
||||
if (isRetinaSupported()) {
|
||||
addPreference(
|
||||
'Retina display support',
|
||||
|
|
|
|||
|
|
@ -3219,6 +3219,10 @@ http://snap.berkeley.edu/run#cloud:Username=jens&ProjectName=rotation
|
|||
------
|
||||
* GUI: update undrop controls when switching sprites and display modes
|
||||
|
||||
161227
|
||||
------
|
||||
* GUI, Threads, Objects, Store: Disable JS-Functions, to protect users from malicious scripts, commented out for now
|
||||
|
||||
|
||||
== v4.10 === (in development)
|
||||
|
||||
|
|
|
|||
16
objects.js
16
objects.js
|
|
@ -82,7 +82,7 @@ SpeechBubbleMorph, RingMorph, isNil, FileReader, TableDialogMorph,
|
|||
BlockEditorMorph, BlockDialogMorph, PrototypeHatBlockMorph, localize,
|
||||
TableMorph, TableFrameMorph, normalizeCanvas, BooleanSlotMorph*/
|
||||
|
||||
modules.objects = '2016-December-23';
|
||||
modules.objects = '2016-December-27';
|
||||
|
||||
var SpriteMorph;
|
||||
var StageMorph;
|
||||
|
|
@ -2027,8 +2027,11 @@ SpriteMorph.prototype.blockTemplates = function (category) {
|
|||
blocks.push('-');
|
||||
blocks.push(block('reportIsA'));
|
||||
blocks.push(block('reportIsIdentical'));
|
||||
blocks.push('-');
|
||||
blocks.push(block('reportJSFunction'));
|
||||
|
||||
if (true) { // (Process.prototype.enableJS) {
|
||||
blocks.push('-');
|
||||
blocks.push(block('reportJSFunction'));
|
||||
}
|
||||
|
||||
// for debugging: ///////////////
|
||||
|
||||
|
|
@ -6201,8 +6204,11 @@ StageMorph.prototype.blockTemplates = function (category) {
|
|||
blocks.push('-');
|
||||
blocks.push(block('reportIsA'));
|
||||
blocks.push(block('reportIsIdentical'));
|
||||
blocks.push('-');
|
||||
blocks.push(block('reportJSFunction'));
|
||||
|
||||
if (true) { // (Process.prototype.enableJS) {
|
||||
blocks.push('-');
|
||||
blocks.push(block('reportJSFunction'));
|
||||
}
|
||||
|
||||
// for debugging: ///////////////
|
||||
|
||||
|
|
|
|||
12
store.js
12
store.js
|
|
@ -61,7 +61,7 @@ normalizeCanvas*/
|
|||
|
||||
// Global stuff ////////////////////////////////////////////////////////
|
||||
|
||||
modules.store = '2016-November-24';
|
||||
modules.store = '2016-December-27';
|
||||
|
||||
|
||||
// XML_Serializer ///////////////////////////////////////////////////////
|
||||
|
|
@ -1017,6 +1017,16 @@ SnapSerializer.prototype.loadBlock = function (model, isReporter) {
|
|||
model.attributes['var']
|
||||
);
|
||||
}
|
||||
/*
|
||||
if (model.attributes.s === 'reportJSFunction' &&
|
||||
!Process.prototype.enableJS) {
|
||||
if (window.confirm('enable JavaScript?')) {
|
||||
Process.prototype.enableJS = true;
|
||||
} else {
|
||||
throw new Error('JavaScript is not enabled');
|
||||
}
|
||||
}
|
||||
*/
|
||||
block = SpriteMorph.prototype.blockForSelector(model.attributes.s);
|
||||
} else if (model.tag === 'custom-block') {
|
||||
isGlobal = model.attributes.scope ? false : true;
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ StageMorph, SpriteMorph, StagePrompterMorph, Note, modules, isString, copy,
|
|||
isNil, WatcherMorph, List, ListWatcherMorph, alert, console, TableMorph,
|
||||
TableFrameMorph, ColorSlotMorph, isSnapObject*/
|
||||
|
||||
modules.threads = '2016-December-22';
|
||||
modules.threads = '2016-December-27';
|
||||
|
||||
var ThreadManager;
|
||||
var Process;
|
||||
|
|
@ -473,6 +473,7 @@ Process.prototype.isCatchingErrors = true;
|
|||
Process.prototype.enableLiveCoding = false; // experimental
|
||||
Process.prototype.enableSingleStepping = false; // experimental
|
||||
Process.prototype.flashTime = 0; // experimental
|
||||
// Process.prototype.enableJS = false;
|
||||
|
||||
function Process(topBlock, onComplete, rightAway) {
|
||||
this.topBlock = topBlock || null;
|
||||
|
|
@ -1000,6 +1001,11 @@ Process.prototype.evaluate = function (
|
|||
) {
|
||||
if (!context) {return null; }
|
||||
if (context instanceof Function) {
|
||||
/*
|
||||
if (!this.enableJS) {
|
||||
throw new Error('JavaScript is not enabled');
|
||||
}
|
||||
*/
|
||||
return context.apply(
|
||||
this.blockReceiver(),
|
||||
args.asArray().concat([this])
|
||||
|
|
|
|||
Ładowanie…
Reference in New Issue