put carnet in a frame to avoid conflicting css

4 files changed, 92 insertions, 58 deletions

diff --git a/appinfo/routes.php b/appinfo/routes.php
index d1c3226..f42e891 100755
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -13,6 +13,8 @@ return [
     'routes' => [
        ['name' => 'page#index', 'url' => '/', 'verb' => 'GET'],
        ['name' => 'page#writer', 'url' => '/writer', 'verb' => 'GET'],
+       ['name' => 'page#browser', 'url' => '/browser', 'verb' => 'GET'],
+
        ['name' => 'page#importer', 'url' => '/importer', 'verb' => 'GET'],
        ['name' => 'page#exporter', 'url' => 'exporter/exporter.html', 'verb' => 'GET'],
 
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index 9aa126b..e3f758a 100755
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -27,6 +27,32 @@ class PageController extends Controller {
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
 	 */
+	public function browser() {
+		$parameters = [
+			'nc_version' => \OCP\Util::getVersion()[0],
+			'carnet_display_fullscreen' => $this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no'),
+			'app_version' => App::getAppInfo($this->appName)['version'],
+		];
+		$response = new TemplateResponse($this->appName,"browser",$parameters);
+		$response->renderAs("blank");
+		$policy = new ContentSecurityPolicy();
+		$policy->addAllowedFrameDomain('\'self\'');
+		$policy->addAllowedFrameDomain('data:');
+		
+		$response->setContentSecurityPolicy($policy); // allow iframe
+		return $response;
+	}
+
+	/**
+	 * CAUTION: the @Stuff turns off security checks; for this page no admin is
+	 *          required and no CSRF check. If you don't know what CSRF is, read
+	 *          it up in the docs or you might create a security hole. This is
+	 *          basically the only required method to add this exemption, don't
+	 *          add it to any other method if you don't exactly know what it does
+	 *
+	 * @NoAdminRequired
+	 * @NoCSRFRequired
+	 */
 	public function index() {
 		$parameters = [
 			'nc_version' => \OCP\Util::getVersion()[0],
@@ -34,12 +60,10 @@ class PageController extends Controller {
 			'app_version' => App::getAppInfo($this->appName)['version'],
 		];
 		$response = new TemplateResponse($this->appName,"index",$parameters);
-		if($this->config->getAppValue('carnet', 'carnetDisplayFullscreen', 'no') === "yes")
-			$response->renderAs("blank");
 		$policy = new ContentSecurityPolicy();
 		$policy->addAllowedFrameDomain('\'self\'');
 		$policy->addAllowedFrameDomain('data:');
-
+		
 		$response->setContentSecurityPolicy($policy); // allow iframe
 		return $response;
 	}
diff --git a/templates/browser.php b/templates/browser.php
new file mode 100755
index 0000000..19a5770
--- /dev/null
+++ b/templates/browser.php
@@ -0,0 +1,60 @@
+<?php
+global $currentpath;
+global $root;
+global $fullscreen;
+global $appVersion;
+$fullscreen = "yes";
+$appVersion = $_['app_version'];
+$currentpath = __DIR__."/CarnetElectron/";
+$root = \OCP\Util::linkToAbsolute("carnet","templates");
+$file = file_get_contents($currentpath."index.html");
+$root = parse_url($root, PHP_URL_PATH); 
+
+$file = preg_replace_callback('/<link(.*?)href=\"(.*?\.css(?:\?.*?)?)"/s',function ($matches) {
+    global $currentpath;
+    global $appVersion;
+    return "<link".$matches[1]."href=\"".$matches[2]."?v=".$appVersion."\"";
+}, $file);
+$file = str_replace("href=\"","href=\"".$root."/CarnetElectron/",$file);
+
+$file = preg_replace_callback('/<script(.*?)src=\"(.*?\.js(?:\?.*?)?)"/s',function ($matches) {
+    global $currentpath;
+    global $fullscreen;
+    global $appVersion;
+
+    if($matches[2] === "libs/jquery.min.js" AND $fullscreen === "no")
+        return "<script ";
+    return "<script".$matches[1]."src=\"".$matches[2]."?v=".$appVersion."\"";
+}, $file);
+// token is needed to pass the csfr check
+$file .= "<script src=\"compatibility/nextcloud/fullscreen.js?v=".$appVersion."\"></script>";
+
+$file .= "<span style=\"display:none;\" id=\"token\">".$_['requesttoken']."</span>";
+if($_['carnet_display_fullscreen']==="yes"){
+    
+    $file = str_replace('</head>', "
+    <link rel=\"apple-touch-icon-precomposed\" href=\"".image_path('', 'favicon-touch.png')."\" />
+    <link rel=\"icon\" href=\"".image_path('', 'favicon.ico')."\">
+    <link rel=\"mask-icon\" sizes=\"any\" href=\"".image_path('', 'favicon-mask.svg')."\" color=\"".$theme->getColorPrimary()."\">
+    <link rel=\"manifest\" href=\"".image_path('', 'manifest.json')."\">
+    </head>", $file);
+    if($_['nc_version']>=16)
+        style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc16");
+    
+}
+else {
+    if($_['nc_version']>=14)
+    style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc14-header");
+}
+$nonce = "";
+if (method_exists(\OC::$server, "getContentSecurityPolicyNonceManager")){
+    $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce();
+}
+else{
+    style("carnet","../templates/CarnetElectron/compatibility/nextcloud/owncloud");
+}
+
+$file = str_replace("src=\"","defer nonce='".$nonce."' src=\"".$root."/CarnetElectron/",$file);
+echo $file;
+echo "<span style=\"display:none;\" id=\"root-url\">".$root."/CarnetElectron/</span>";
+?>
\ No newline at end of file
diff --git a/templates/index.php b/templates/index.php
index 6109860..c3ae8cc 100755
--- a/templates/index.php
+++ b/templates/index.php
@@ -1,59 +1,7 @@
 <?php
-global $currentpath;
-global $root;
-global $fullscreen;
-global $appVersion;
-$fullscreen = $_['carnet_display_fullscreen'];
-$appVersion = $_['app_version'];
-$currentpath = __DIR__."/CarnetElectron/";
-$root = \OCP\Util::linkToAbsolute("carnet","templates");
-$file = file_get_contents($currentpath."index.html");
-$root = parse_url($root, PHP_URL_PATH); 
 
-$file = preg_replace_callback('/<link(.*?)href=\"(.*?\.css(?:\?.*?)?)"/s',function ($matches) {
-    global $currentpath;
-    global $appVersion;
-    return "<link".$matches[1]."href=\"".$matches[2]."?v=".$appVersion."\"";
-}, $file);
-$file = str_replace("href=\"","href=\"".$root."/CarnetElectron/",$file);
+?>
 
-$file = preg_replace_callback('/<script(.*?)src=\"(.*?\.js(?:\?.*?)?)"/s',function ($matches) {
-    global $currentpath;
-    global $fullscreen;
-    global $appVersion;
+<iframe src="./browser" style="border:unset; width:100%; margin:0;">
 
-    if($matches[2] === "libs/jquery.min.js" AND $fullscreen === "no")
-        return "<script ";
-    return "<script".$matches[1]."src=\"".$matches[2]."?v=".$appVersion."\"";
-}, $file);
-// token is needed to pass the csfr check
-$file .= "<span style=\"display:none;\" id=\"token\">".$_['requesttoken']."</span>";
-if($_['carnet_display_fullscreen']==="yes"){
-    
-    $file = str_replace('</head>', "
-    <link rel=\"apple-touch-icon-precomposed\" href=\"".image_path('', 'favicon-touch.png')."\" />
-    <link rel=\"icon\" href=\"".image_path('', 'favicon.ico')."\">
-    <link rel=\"mask-icon\" sizes=\"any\" href=\"".image_path('', 'favicon-mask.svg')."\" color=\"".$theme->getColorPrimary()."\">
-    <link rel=\"manifest\" href=\"".image_path('', 'manifest.json')."\">
-    <script src=\"compatibility/nextcloud/fullscreen.js?v=".$appVersion."\"></script>
-    </head>", $file);
-    if($_['nc_version']>=16)
-        style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc16");
-    
-}
-else {
-    if($_['nc_version']>=14)
-    style("carnet","../templates/CarnetElectron/compatibility/nextcloud/nc14-header");
-}
-$nonce = "";
-if (method_exists(\OC::$server, "getContentSecurityPolicyNonceManager")){
-    $nonce = \OC::$server->getContentSecurityPolicyNonceManager()->getNonce();
-}
-else{
-    style("carnet","../templates/CarnetElectron/compatibility/nextcloud/owncloud");
-}
-
-$file = str_replace("src=\"","defer nonce='".$nonce."' src=\"".$root."/CarnetElectron/",$file);
-echo $file;
-echo "<span style=\"display:none;\" id=\"root-url\">".$root."/CarnetElectron/</span>";
-?>
\ No newline at end of file
+</iframe>
\ No newline at end of file