forked from mirrors/gecko-dev
120 lines
3.7 KiB
JavaScript
120 lines
3.7 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
/* globals catcher, callBackground, content */
|
|
/** This is a content script added to all screenshots.firefox.com pages, and allows the site to
|
|
communicate with the add-on */
|
|
|
|
"use strict";
|
|
|
|
this.sitehelper = (function() {
|
|
// This gives us the content's copy of XMLHttpRequest, instead of the wrapped
|
|
// copy that this content script gets:
|
|
const ContentXMLHttpRequest = content.XMLHttpRequest;
|
|
|
|
catcher.registerHandler(errorObj => {
|
|
callBackground("reportError", errorObj);
|
|
});
|
|
|
|
const capabilities = {};
|
|
function registerListener(name, func) {
|
|
capabilities[name] = name;
|
|
document.addEventListener(name, func);
|
|
}
|
|
|
|
function sendCustomEvent(name, detail) {
|
|
if (typeof detail === "object") {
|
|
// Note sending an object can lead to security problems, while a string
|
|
// is safe to transfer:
|
|
detail = JSON.stringify(detail);
|
|
}
|
|
document.dispatchEvent(new CustomEvent(name, { detail }));
|
|
}
|
|
|
|
/** Set the cookie, even if third-party cookies are disabled in this browser
|
|
(when they are disabled, login from the background page won't set cookies) */
|
|
function sendBackupCookieRequest(authHeaders) {
|
|
// See https://bugzilla.mozilla.org/show_bug.cgi?id=1295660
|
|
// This bug would allow us to access window.content.XMLHttpRequest, and get
|
|
// a safer (not overridable by content) version of the object.
|
|
|
|
// This is a very minimal attempt to verify that the XMLHttpRequest object we got
|
|
// is legitimate. It is not a good test.
|
|
if (
|
|
Object.toString.apply(ContentXMLHttpRequest) !==
|
|
"function XMLHttpRequest() {\n [native code]\n}"
|
|
) {
|
|
console.warn("Insecure copy of XMLHttpRequest");
|
|
return;
|
|
}
|
|
const req = new ContentXMLHttpRequest();
|
|
req.open("POST", "/api/set-login-cookie");
|
|
for (const name in authHeaders) {
|
|
req.setRequestHeader(name, authHeaders[name]);
|
|
}
|
|
req.send("");
|
|
req.onload = () => {
|
|
if (req.status !== 200) {
|
|
console.warn(
|
|
"Attempt to set Screenshots cookie via /api/set-login-cookie failed:",
|
|
req.status,
|
|
req.statusText,
|
|
req.responseText
|
|
);
|
|
}
|
|
};
|
|
}
|
|
|
|
registerListener(
|
|
"delete-everything",
|
|
catcher.watchFunction(event => {
|
|
// FIXME: reset some data in the add-on
|
|
}, false)
|
|
);
|
|
|
|
registerListener(
|
|
"request-login",
|
|
catcher.watchFunction(event => {
|
|
const shotId = event.detail;
|
|
catcher.watchPromise(
|
|
callBackground("getAuthInfo", shotId || null).then(info => {
|
|
if (info) {
|
|
sendBackupCookieRequest(info.authHeaders);
|
|
sendCustomEvent("login-successful", {
|
|
accountId: info.accountId,
|
|
isOwner: info.isOwner,
|
|
backupCookieRequest: true,
|
|
});
|
|
}
|
|
})
|
|
);
|
|
})
|
|
);
|
|
|
|
registerListener(
|
|
"copy-to-clipboard",
|
|
catcher.watchFunction(event => {
|
|
catcher.watchPromise(callBackground("copyShotToClipboard", event.detail));
|
|
})
|
|
);
|
|
|
|
registerListener(
|
|
"show-notification",
|
|
catcher.watchFunction(event => {
|
|
catcher.watchPromise(callBackground("showNotification", event.detail));
|
|
})
|
|
);
|
|
|
|
// Depending on the script loading order, the site might get the addon-present event,
|
|
// but probably won't - instead the site will ask for that event after it has loaded
|
|
registerListener(
|
|
"request-addon-present",
|
|
catcher.watchFunction(() => {
|
|
sendCustomEvent("addon-present", capabilities);
|
|
})
|
|
);
|
|
|
|
sendCustomEvent("addon-present", capabilities);
|
|
})();
|
|
null;
|