[beta] Wallet allowJsEval: true (#7913)

* [beta] Wallet allowJsEval: true * Fix unsafe wallet. * Enable unsafe-eval for all dapps.
2018-02-16 14:33:02 +01:00 · 2018-02-16 14:33:02 +01:00 · acef56b1ea
commit acef56b1ea
parent 14d29798e3
3 changed files with 21 additions and 12 deletions
--- a/dapps/src/apps/mod.rs
+++ b/dapps/src/apps/mod.rs
@ -44,7 +44,7 @@ pub const WEB_PATH: &'static str = "web";
 pub const URL_REFERER: &'static str = "__referer=";

 pub fn utils(pool: CpuPool) -> Box<Endpoint> {
-	Box::new(page::builtin::Dapp::new(pool, parity_ui::App::default()))
+	Box::new(page::builtin::Dapp::new(pool, false, parity_ui::App::default()))
 }

 pub fn ui(pool: CpuPool) -> Box<Endpoint> {
@ -76,9 +76,9 @@ pub fn all_endpoints<F: Fetch>(
 	}

 	// NOTE [ToDr] Dapps will be currently embeded on 8180
-	insert::<parity_ui::App>(&mut pages, "ui", Embeddable::Yes(embeddable.clone()), pool.clone());
+	insert::<parity_ui::App>(&mut pages, "ui", Embeddable::Yes(embeddable.clone()), pool.clone(), true);
 	// old version
-	insert::<parity_ui::old::App>(&mut pages, "v1", Embeddable::Yes(embeddable.clone()), pool.clone());
+	insert::<parity_ui::old::App>(&mut pages, "v1", Embeddable::Yes(embeddable.clone()), pool.clone(), true);

 	pages.insert("proxy".into(), ProxyPac::boxed(embeddable.clone(), dapps_domain.to_owned()));
 	pages.insert(WEB_PATH.into(), Web::boxed(embeddable.clone(), web_proxy_tokens.clone(), fetch.clone()));
@ -86,10 +86,16 @@ pub fn all_endpoints<F: Fetch>(
 	(local_endpoints, pages)
 }

-fn insert<T : WebApp + Default + 'static>(pages: &mut Endpoints, id: &str, embed_at: Embeddable, pool: CpuPool) {
+fn insert<T : WebApp + Default + 'static>(
+	pages: &mut Endpoints,
+	id: &str,
+	embed_at: Embeddable,
+	pool: CpuPool,
+	allow_js_eval: bool,
+) {
 	pages.insert(id.to_owned(), Box::new(match embed_at {
-		Embeddable::Yes(address) => page::builtin::Dapp::new_safe_to_embed(pool, T::default(), address),
-		Embeddable::No => page::builtin::Dapp::new(pool, T::default()),
+		Embeddable::Yes(address) => page::builtin::Dapp::new_safe_to_embed(pool, allow_js_eval, T::default(), address),
+		Embeddable::No => page::builtin::Dapp::new(pool, allow_js_eval, T::default()),
 	}));
 }

--- a/dapps/src/page/builtin.rs
+++ b/dapps/src/page/builtin.rs
@ -38,13 +38,14 @@ pub struct Dapp<T: WebApp + 'static> {

 impl<T: WebApp + 'static> Dapp<T> {
 	/// Creates new `Dapp` for builtin (compile time) Dapp.
-	pub fn new(pool: CpuPool, app: T) -> Self {
-		let info = app.info();
+	pub fn new(pool: CpuPool, allow_js_eval: bool, app: T) -> Self {
+		let mut info = EndpointInfo::from(app.info());
+		info.allow_js_eval = Some(allow_js_eval);
 		Dapp {
 			pool,
 			app,
 			safe_to_embed_on: None,
-			info: EndpointInfo::from(info),
+			info,
 			fallback_to_index_html: false,
 		}
 	}
@ -65,13 +66,14 @@ impl<T: WebApp + 'static> Dapp<T> {
 	/// Creates new `Dapp` which can be safely used in iframe
 	/// even from different origin. It might be dangerous (clickjacking).
 	/// Use wisely!
-	pub fn new_safe_to_embed(pool: CpuPool, app: T, address: Embeddable) -> Self {
-		let info = app.info();
+	pub fn new_safe_to_embed(pool: CpuPool, allow_js_eval: bool, app: T, address: Embeddable) -> Self {
+		let mut info = EndpointInfo::from(app.info());
+		info.allow_js_eval = Some(allow_js_eval);
 		Dapp {
 			pool,
 			app,
 			safe_to_embed_on: address,
-			info: EndpointInfo::from(info),
+			info,
 			fallback_to_index_html: false,
 		}
 	}
--- a/js-old/src/manifest.json
+++ b/js-old/src/manifest.json
@ -4,4 +4,5 @@
  "author": "Parity <admin@parity.io>",
  "description": "Parity Wallet and Account management tools",
  "iconUrl": "icon.png",
+  "allowJsEval": true
 }