diff --git a/src/components/views/elements/AppPermission.js b/src/components/views/elements/AppPermission.js new file mode 100644 index 0000000000..a6ecd7b5f7 --- /dev/null +++ b/src/components/views/elements/AppPermission.js @@ -0,0 +1,43 @@ +import React from 'react'; +import PropTypes from 'prop-types'; +import { URL, URLSearchParams } from 'url'; + +export default class AppPermission extends React.Component { + constructor(props) { + super(props); + + this.state = { + curl: this.getCurl(), + }; + } + + getCurl() { + let wurl = URL.parse(this.props.url); + console.log('wurl', wurl); + if(wurl.searchParams.get('url')) { + let curl = wurl.searchParams.get('url'); + console.log('curl', curl); + } + } + + render() { + return ( +
+ Load widget with URL : {this.state.cUrl} + +
+ ); + } +} + +AppPermission.propTypes = { + url: PropTypes.string.isRequired, + onPermissionGranted: PropTypes.func.isRequired, +}; +AppPermission.defaultPropTypes = { + onPermissionGranted: function() {}, +}; diff --git a/src/components/views/elements/AppTile.js b/src/components/views/elements/AppTile.js index 9573b9fd9f..994b613b41 100644 --- a/src/components/views/elements/AppTile.js +++ b/src/components/views/elements/AppTile.js @@ -24,6 +24,7 @@ import SdkConfig from '../../../SdkConfig'; import Modal from '../../../Modal'; import { _t } from '../../../languageHandler'; import sdk from '../../../index'; +import AppPermission from './AppPermission'; const ALLOWED_APP_URL_SCHEMES = ['https:', 'http:']; const betaHelpMsg = 'This feature is currently experimental and is intended for beta testing only'; @@ -46,9 +47,12 @@ export default React.createClass({ }, getInitialState: function() { + const widgetPermissionId = [this.props.room.roomId, encodeURIComponent(this.props.url)].join('_'); return { loading: false, widgetUrl: this.props.url, + widgetPermissionId: widgetPermissionId, + hasPermissionToLoad: localStorage.getItem(widgetPermissionId), error: null, deleting: false, }; @@ -116,6 +120,11 @@ export default React.createClass({ }); }, + _grantWidgetPermission() { + console.warn('Granting permission to load widget - ', this.state.widgetUrl); + localStorage.setItem(this.state.widgetPermissionId, true); + }, + formatAppTileName: function() { let appTileName = "No name"; if(this.props.name && this.props.name.trim()) { @@ -133,30 +142,40 @@ export default React.createClass({ return
; } + // Note that there is advice saying allow-scripts shouldn't be used with allow-same-origin + // because that would allow the iframe to prgramatically remove the sandbox attribute, but + // this would only be for content hosted on the same origin as the riot client: anything + // hosted on the same origin as the client will get the same access as if you clicked + // a link to it. + const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox "+ + "allow-same-origin allow-scripts"; + const parsedWidgetUrl = url.parse(this.state.widgetUrl); + let safeWidgetUrl = ''; + if (ALLOWED_APP_URL_SCHEMES.indexOf(parsedWidgetUrl.protocol) !== -1) { + safeWidgetUrl = url.format(parsedWidgetUrl); + } + if (this.state.loading) { appTileBody = (
Loading...
); - } else { - // Note that there is advice saying allow-scripts shouldn't be used with allow-same-origin - // because that would allow the iframe to prgramatically remove the sandbox attribute, but - // this would only be for content hosted on the same origin as the riot client: anything - // hosted on the same origin as the client will get the same access as if you clicked - // a link to it. - const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox "+ - "allow-same-origin allow-scripts"; - const parsedWidgetUrl = url.parse(this.state.widgetUrl); - let safeWidgetUrl = ''; - if (ALLOWED_APP_URL_SCHEMES.indexOf(parsedWidgetUrl.protocol) !== -1) { - safeWidgetUrl = url.format(parsedWidgetUrl); - } + } else if (this.state.hasPermissionToLoad === true) { appTileBody = (
-
); + } else { + appTileBody = ( + + ); } // editing is done in scalar