From 5b96b85f1a2500dcefb0a739399f77edf5ae78d6 Mon Sep 17 00:00:00 2001 From: Fons van der Plas Date: Wed, 6 Sep 2023 22:36:00 +0200 Subject: [PATCH] Warn when including PasswordField content in an html export --- frontend/components/ExportBanner.js | 66 +++++++++++++++++++---------- 1 file changed, 43 insertions(+), 23 deletions(-) diff --git a/frontend/components/ExportBanner.js b/frontend/components/ExportBanner.js index 0c1bac5383..2188763d9b 100644 --- a/frontend/components/ExportBanner.js +++ b/frontend/components/ExportBanner.js @@ -26,8 +26,23 @@ const Square = ({ fill }) => html` ` -//@ts-ignore -window.enable_secret_pluto_recording = true +export const WarnForVisisblePasswords = () => { + if ( + Array.from(document.querySelectorAll("bond")).some((bond_el) => + Array.from(bond_el.querySelectorAll(`input[type="password"]`)).some((input) => { + // @ts-ignore + if (input?.value !== "") { + input.scrollIntoView() + return true + } + }) + ) + ) { + alert( + "Warning: this notebook includes a password input with something typed in it. The contents of this password field will be included in the exported file in an unsafe way. \n\nClear the password field and export again to avoid this problem." + ) + } +} export const ExportBanner = ({ notebook_id, onClose, notebookfile_url, notebookexport_url, start_recording }) => { // @ts-ignore @@ -49,7 +64,16 @@ export const ExportBanner = ({ notebook_id, onClose, notebookfile_url, notebooke
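Review bot: The new helper `WarnForVisisblePasswords` only detects a non-empty `input[type="password"]` inside a `bond` element at the moment of the click, and nothing in the code documents that limit. A short doc comment above it should state this scope and note that secrets bound through other input types are not detected; the same probably holds for values already rendered into cell output, though that is not visible here. The exported name is also misspelled ("Visisble"); since two handlers later in this patch call it, I would rename it now: `export const WarnForVisiblePasswords = () => {`. Finally, `input.scrollIntoView()` runs as a side effect inside the `.some()` predicate; locating the element with `.find()` and scrolling afterwards would make the intent clearer.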
<${Triangle} fill="#a270ba" /> Notebook file
Download a copy of the .jl script.
- exportNotebook(e, 1)}> + { + WarnForVisisblePasswords() + exportNotebook(e, 1) + }} + >
<${Square} fill="#E86F51" /> Static HTML
An .html file for your web page, or to share online.
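Review bot: The export proceeds regardless of the warning, because in the new `onClick` the helper only shows an `alert()` and `exportNotebook(e, 1)` runs unconditionally on the next line. A user who first learns about the filled-in password field from this dialog cannot cancel, so the value is still written into the HTML file. Consider having the helper return the result of a `confirm(...)` and guarding the call, e.g. `if (!WarnForVisisblePasswords()) { e.preventDefault(); return }`. The Record handler in the following hunk has the same shape, with `start_recording()` following the warning unconditionally, and a password typed after recording has started would not be checked at all. The component body starts and ends outside this hunk.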
@@ -57,26 +81,22 @@ export const ExportBanner = ({ notebook_id, onClose, notebookfile_url, notebooke
<${Square} fill="#619b3d" /> PDF
A static .pdf file for print or email.
- ${ - //@ts-ignore - window.enable_secret_pluto_recording - ? html` -
record
- { - start_recording() - onClose() - e.preventDefault() - }} - class="export_card" - > -
<${Circle} fill="#E86F51" /> Record (preview)
-
Capture the entire notebook, and any changes you make.
-
- ` - : null - } + ${html` +
record
+ { + WarnForVisisblePasswords() + start_recording() + onClose() + e.preventDefault() + }} + class="export_card" + > +
<${Circle} fill="#E86F51" /> Record (preview)
+
Capture the entire notebook, and any changes you make.
+
+ `}