MOBILE-3833 core: Hide sensitive info in open browser warning

main
Dani Palou 2022-04-14 11:47:39 +02:00
parent f332b65100
commit 542604f894
3 changed files with 8 additions and 12 deletions


@ -46,7 +46,6 @@ import { asyncInstance, AsyncInstance } from '../utils/async-instance';
import { CoreDatabaseTable } from './database/database-table'; import { CoreDatabaseTable } from './database/database-table';
import { CoreDatabaseCachingStrategy } from './database/database-table-proxy'; import { CoreDatabaseCachingStrategy } from './database/database-table-proxy';
import { CoreSilentError } from './errors/silenterror'; import { CoreSilentError } from './errors/silenterror';
import { CoreWindow } from '@singletons/window';
/** /**
* QR Code type enumeration. * QR Code type enumeration.
@ -1608,16 +1607,7 @@ export class CoreSite {
if (inApp) { if (inApp) {
return CoreUtils.openInApp(autoLoginUrl, options); return CoreUtils.openInApp(autoLoginUrl, options);
} else { } else {
if ((options.showBrowserWarning || options.showBrowserWarning === undefined) && autoLoginUrl !== url) { options.browserWarningUrl = url;
// Don't display the autologin URL in the warning.
try {
await CoreWindow.confirmOpenBrowserIfNeeded(url);
options.showBrowserWarning = false;
} catch (error) {
return; // Cancelled, stop.
}
}
return CoreUtils.openInBrowser(autoLoginUrl, options); return CoreUtils.openInBrowser(autoLoginUrl, options);
} }
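Review bot: `options.browserWarningUrl = url;` writes into the `options` object that appears to be supplied by the caller, so a caller that reuses the object would carry this URL into a later, unrelated warning, and any `browserWarningUrl` the caller set is silently overwritten. Passing a copy keeps the effect local: `return CoreUtils.openInBrowser(autoLoginUrl, { ...options, browserWarningUrl: url });`. The removed comment explained why the auto-login URL must not be displayed, and the new line has no replacement; something like `// Show the original URL in the warning, never the auto-login URL.` would keep that intent visible. The enclosing method starts outside the hunk, so the origin of `options` is inferred from its use here.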


@ -1112,7 +1112,7 @@ export class CoreUtilsProvider {
async openInBrowser(url: string, options: CoreUtilsOpenInBrowserOptions = {}): Promise<void> { async openInBrowser(url: string, options: CoreUtilsOpenInBrowserOptions = {}): Promise<void> {
if (options.showBrowserWarning || options.showBrowserWarning === undefined) { if (options.showBrowserWarning || options.showBrowserWarning === undefined) {
try { try {
await CoreWindow.confirmOpenBrowserIfNeeded(url); await CoreWindow.confirmOpenBrowserIfNeeded(options.browserWarningUrl ?? url);
} catch (error) { } catch (error) {
return; // Cancelled, stop. return; // Cancelled, stop.
} }
@ -1836,6 +1836,7 @@ export type CoreUtilsOpenFileOptions = {
*/ */
export type CoreUtilsOpenInBrowserOptions = { export type CoreUtilsOpenInBrowserOptions = {
showBrowserWarning?: boolean; // Whether to display a warning before opening in browser. Defaults to true. showBrowserWarning?: boolean; // Whether to display a warning before opening in browser. Defaults to true.
browserWarningUrl?: string; // The URL to display in the warning message. Use it to hide sensitive information.
}; };
/** /**
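Review bot: The comment on `browserWarningUrl` does not state that the value is display-only: `openInBrowser` still opens `url`, so the user confirms one address while a different one is launched. That is the purpose of the option, but it should be written down as a contract, for example `// URL shown in the warning instead of the opened one. Must be the same destination with secrets removed; never fill it from untrusted data.` In addition, `options.browserWarningUrl ?? url` accepts an empty string and would then show a warning without any URL, whereas `||` would fall back to `url`. The body of `openInBrowser` continues outside the hunk.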


@ -61,6 +61,11 @@ export class CoreWindow {
return; return;
} }
// Remove common sensitive information from the URL.
url = url
.replace(/token=[^&#]+/gi, 'token=secret')
.replace(/tokenpluginfile\.php\/[^/]+/gi, 'tokenpluginfile.php/secret');
const dontShowAgain = await CoreDomUtils.showPrompt( const dontShowAgain = await CoreDomUtils.showPrompt(
Translate.instant('core.warnopeninbrowser', { url }), Translate.instant('core.warnopeninbrowser', { url }),
undefined, undefined,
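Review bot: The two `replace` calls match only the literal form `token=`, so a token carried inside a percent-encoded nested URL (a redirect or return parameter containing `token%3D…`) would still be shown in the prompt. Adding `.replace(/token%3D[^&#%]+/gi, 'token%3Dsecret')` would cover that form. The first pattern has no boundary before `token`, so it also masks any parameter whose name ends in "token"; that looks intended and is worth stating in the comment, e.g. `// Also matches any parameter whose name ends in "token".` Finally, `url` is reassigned in place and the function continues outside the hunk, so any later use of `url` there would see the masked value; a separate local such as `displayUrl` would rule that out.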