Add ability to disable user code on page load

Adding `run=disabled` to the uri will disable the page from running user code. This is useful for pages that have frozen to to infinite loops or untrusted links that may be malicious
2015-12-03 14:07:39 -08:00
parent 09e8be03e3
commit 81028fceac
2 changed files with 33 additions and 13 deletions
--- a/client/commonFramework/code-uri.js
+++ b/client/commonFramework/code-uri.js
@ -42,6 +42,8 @@ window.common = (function(global) {
      return decoded
        .split('?')
        .splice(1)
+        .pop()
+        .split('&')
        .reduce(function(found, param) {
          var key = param.split('=')[0];
          if (key === 'solution') {
@ -55,6 +57,23 @@ window.common = (function(global) {
        codeUri.isInQuery(location.search) ||
        codeUri.isInQuery(location.hash);
    },
+    getKeyInQuery(query, keyToFind = '') {
+      return query
+        .split('&')
+        .reduce(function(oldValue, param) {
+          var key = param.split('=')[0];
+          var value = param.split('=')[1];
+          if (key === keyToFind) {
+            return value;
+          }
+          return oldValue;
+        }, null);
+    },
+    getSolutionFromQuery(query = '') {
+      return decodeFcc(
+        codeUri.decode(codeUri.getKeyInQuery(query, 'solution'))
+      );
+    },
    parse: function() {
      if (!codeUri.enabled) {
        return null;
@ -62,6 +81,7 @@ window.common = (function(global) {
      var query;
      if (location.search && codeUri.isInQuery(location.search)) {
        query = location.search.replace(/^\?/, '');
+
        if (history && typeof history.replaceState === 'function') {
          history.replaceState(
            history.state,
@ -73,20 +93,12 @@ window.common = (function(global) {
      } else {
        query = location.hash.replace(/^\#\?/, '');
      }
+
      if (!query) {
        return null;
      }

-      return query
-        .split('&')
-        .reduce(function(solution, param) {
-          var key = param.split('=')[0];
-          var value = param.split('=')[1];
-          if (key === 'solution') {
-            return decodeFcc(codeUri.decode(value || ''));
-          }
-          return solution;
-        }, null);
+      return this.getSolutionFromQuery(query);
    },
    querify: function(solution) {
      if (!codeUri.enabled) {
@ -96,7 +108,9 @@ window.common = (function(global) {
        history.replaceState(
          history.state,
          null,
-          '?solution=' + codeUri.encode(encodeFcc(solution))
+          '#?solution=' +
+            codeUri.encode(encodeFcc(solution)) +
+            (codeUri.shouldRun() ? '&run=disabled' : '' )
        );
      } else {
        location.hash = '?solution=' +
@ -105,7 +119,13 @@ window.common = (function(global) {

      return solution;
    },
-    enabled: true
+    enabled: true,
+    shouldRun() {
+      return !this.getKeyInQuery(
+        (location.search || location.hash).replace(/^(\?|#\?)/, ''),
+        'run'
+      );
+    }
  };

  common.init.push(function() {
--- a/client/commonFramework/update-preview.js
+++ b/client/commonFramework/update-preview.js
@ -74,7 +74,7 @@ window.common = (function(global) {
        preview.write(
          libraryIncludes +
          jQuery +
-          code +
+          (common.codeUri.shouldRun() ? code : '' ) +
          '<!-- -->' +
          iframeScript
        );