Add ability to disable user code on page load

Adding `run=disabled` to the uri will disable the
page from running user code.

This is useful for pages that have frozen due to infinite loops
or for untrusted links that may be malicious.
Berkeley Martinez
2015-12-03 14:07:39 -08:00
parent 09e8be03e3
commit 81028fceac
2 changed files with 33 additions and 13 deletions


@ -42,6 +42,8 @@ window.common = (function(global) {
return decoded return decoded
.split('?') .split('?')
.splice(1) .splice(1)
.pop()
.split('&')
.reduce(function(found, param) { .reduce(function(found, param) {
var key = param.split('=')[0]; var key = param.split('=')[0];
if (key === 'solution') { if (key === 'solution') {
@ -55,6 +57,23 @@ window.common = (function(global) {
codeUri.isInQuery(location.search) || codeUri.isInQuery(location.search) ||
codeUri.isInQuery(location.hash); codeUri.isInQuery(location.hash);
}, },
getKeyInQuery(query, keyToFind = '') {
return query
.split('&')
.reduce(function(oldValue, param) {
var key = param.split('=')[0];
var value = param.split('=')[1];
if (key === keyToFind) {
return value;
}
return oldValue;
}, null);
},
getSolutionFromQuery(query = '') {
return decodeFcc(
codeUri.decode(codeUri.getKeyInQuery(query, 'solution'))
);
},
parse: function() { parse: function() {
if (!codeUri.enabled) { if (!codeUri.enabled) {
return null; return null;
@ -62,6 +81,7 @@ window.common = (function(global) {
var query; var query;
if (location.search && codeUri.isInQuery(location.search)) { if (location.search && codeUri.isInQuery(location.search)) {
query = location.search.replace(/^\?/, ''); query = location.search.replace(/^\?/, '');
if (history && typeof history.replaceState === 'function') { if (history && typeof history.replaceState === 'function') {
history.replaceState( history.replaceState(
history.state, history.state,
@ -73,20 +93,12 @@ window.common = (function(global) {
} else { } else {
query = location.hash.replace(/^\#\?/, ''); query = location.hash.replace(/^\#\?/, '');
} }
if (!query) { if (!query) {
return null; return null;
} }
return query return this.getSolutionFromQuery(query);
.split('&')
.reduce(function(solution, param) {
var key = param.split('=')[0];
var value = param.split('=')[1];
if (key === 'solution') {
return decodeFcc(codeUri.decode(value || ''));
}
return solution;
}, null);
}, },
querify: function(solution) { querify: function(solution) {
if (!codeUri.enabled) { if (!codeUri.enabled) {
@ -96,7 +108,9 @@ window.common = (function(global) {
history.replaceState( history.replaceState(
history.state, history.state,
null, null,
'?solution=' + codeUri.encode(encodeFcc(solution)) '#?solution=' +
codeUri.encode(encodeFcc(solution)) +
(codeUri.shouldRun() ? '&run=disabled' : '' )
); );
} else { } else {
location.hash = '?solution=' + location.hash = '?solution=' +
@ -105,7 +119,13 @@ window.common = (function(global) {
return solution; return solution;
}, },
enabled: true enabled: true,
shouldRun() {
return !this.getKeyInQuery(
(location.search || location.hash).replace(/^(\?|#\?)/, ''),
'run'
);
}
}; };
common.init.push(function() { common.init.push(function() {
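Review bot: The ternary in `querify` looks inverted: `(codeUri.shouldRun() ? '&run=disabled' : '' )` appends the disable flag when code is allowed to run and drops it when the page was opened with `run=disabled`, so a reload after the URL is rewritten would run the code the user asked to hold back. It should read `(codeUri.shouldRun() ? '' : '&run=disabled')`, and the `location.hash` fallback in the else branch (which continues outside the hunk) appears not to carry the flag at all. Separately, `shouldRun()` negates whatever value `getKeyInQuery` returns, so `run=` or a bare `run` still runs code while `run=enabled` disables it; comparing with `=== 'disabled'` would match the commit message. Because `shouldRun()` reads `location.search || location.hash`, a flag placed in the hash is also ignored whenever any query string is present.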


@ -74,7 +74,7 @@ window.common = (function(global) {
preview.write( preview.write(
libraryIncludes + libraryIncludes +
jQuery + jQuery +
code + (common.codeUri.shouldRun() ? code : '' ) +
'<!-- -->' + '<!-- -->' +
iframeScript iframeScript
); );
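Review bot: The gate `(common.codeUri.shouldRun() ? code : '' )` re-reads the live URL every time the preview is written, while `parse` and `querify` in the other file rewrite that URL through `history.replaceState`, so the decision taken at page load may not be the one applied on a later write. If this write can run more than once per page, evaluate the flag once during init and reuse it, for example `var runUserCode = common.codeUri.shouldRun();` with `(runUserCode ? code : '')` here. A short comment would also help, such as `// run=disabled suppresses only the user's code; libraryIncludes, jQuery and iframeScript are still written`. The enclosing function starts and ends outside this hunk, so how often the write is reached cannot be confirmed from here.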