From acef56b1ea7811c02a47f2da9291a0d2e5781957 Mon Sep 17 00:00:00 2001 From: Jaco Greeff Date: Fri, 16 Feb 2018 14:33:02 +0100 Subject: [PATCH] [beta] Wallet allowJsEval: true (#7913) * [beta] Wallet allowJsEval: true * Fix unsafe wallet. * Enable unsafe-eval for all dapps. --- dapps/src/apps/mod.rs | 18 ++++++++++++------ dapps/src/page/builtin.rs | 14 ++++++++------ js-old/src/manifest.json | 1 + 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/dapps/src/apps/mod.rs b/dapps/src/apps/mod.rs index e7657736d..79a8e706d 100644 --- a/dapps/src/apps/mod.rs +++ b/dapps/src/apps/mod.rs @@ -44,7 +44,7 @@ pub const WEB_PATH: &'static str = "web"; pub const URL_REFERER: &'static str = "__referer="; pub fn utils(pool: CpuPool) -> Box { - Box::new(page::builtin::Dapp::new(pool, parity_ui::App::default())) + Box::new(page::builtin::Dapp::new(pool, false, parity_ui::App::default())) } pub fn ui(pool: CpuPool) -> Box { @@ -76,9 +76,9 @@ pub fn all_endpoints( } // NOTE [ToDr] Dapps will be currently embeded on 8180 - insert::(&mut pages, "ui", Embeddable::Yes(embeddable.clone()), pool.clone()); + insert::(&mut pages, "ui", Embeddable::Yes(embeddable.clone()), pool.clone(), true); // old version - insert::(&mut pages, "v1", Embeddable::Yes(embeddable.clone()), pool.clone()); + insert::(&mut pages, "v1", Embeddable::Yes(embeddable.clone()), pool.clone(), true); pages.insert("proxy".into(), ProxyPac::boxed(embeddable.clone(), dapps_domain.to_owned())); pages.insert(WEB_PATH.into(), Web::boxed(embeddable.clone(), web_proxy_tokens.clone(), fetch.clone())); @@ -86,10 +86,16 @@ pub fn all_endpoints( (local_endpoints, pages) } -fn insert(pages: &mut Endpoints, id: &str, embed_at: Embeddable, pool: CpuPool) { +fn insert( + pages: &mut Endpoints, + id: &str, + embed_at: Embeddable, + pool: CpuPool, + allow_js_eval: bool, +) { pages.insert(id.to_owned(), Box::new(match embed_at { - Embeddable::Yes(address) => page::builtin::Dapp::new_safe_to_embed(pool, T::default(), address), - Embeddable::No => page::builtin::Dapp::new(pool, T::default()), + Embeddable::Yes(address) => page::builtin::Dapp::new_safe_to_embed(pool, allow_js_eval, T::default(), address), + Embeddable::No => page::builtin::Dapp::new(pool, allow_js_eval, T::default()), })); } diff --git a/dapps/src/page/builtin.rs b/dapps/src/page/builtin.rs index 827fe27a3..ff1ee97b3 100644 --- a/dapps/src/page/builtin.rs +++ b/dapps/src/page/builtin.rs @@ -38,13 +38,14 @@ pub struct Dapp { impl Dapp { /// Creates new `Dapp` for builtin (compile time) Dapp. - pub fn new(pool: CpuPool, app: T) -> Self { - let info = app.info(); + pub fn new(pool: CpuPool, allow_js_eval: bool, app: T) -> Self { + let mut info = EndpointInfo::from(app.info()); + info.allow_js_eval = Some(allow_js_eval); Dapp { pool, app, safe_to_embed_on: None, - info: EndpointInfo::from(info), + info, fallback_to_index_html: false, } } @@ -65,13 +66,14 @@ impl Dapp { /// Creates new `Dapp` which can be safely used in iframe /// even from different origin. It might be dangerous (clickjacking). /// Use wisely! - pub fn new_safe_to_embed(pool: CpuPool, app: T, address: Embeddable) -> Self { - let info = app.info(); + pub fn new_safe_to_embed(pool: CpuPool, allow_js_eval: bool, app: T, address: Embeddable) -> Self { + let mut info = EndpointInfo::from(app.info()); + info.allow_js_eval = Some(allow_js_eval); Dapp { pool, app, safe_to_embed_on: address, - info: EndpointInfo::from(info), + info, fallback_to_index_html: false, } } diff --git a/js-old/src/manifest.json b/js-old/src/manifest.json index 0fc9b44f3..dd9bc7abb 100644 --- a/js-old/src/manifest.json +++ b/js-old/src/manifest.json @@ -4,4 +4,5 @@ "author": "Parity ", "description": "Parity Wallet and Account management tools", "iconUrl": "icon.png", + "allowJsEval": true }