diff options
| author | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2020-01-15 03:22:23 +0300 |
|---|---|---|
| committer | Daniel Calviño Sánchez <danxuliu@gmail.com> | 2020-01-15 04:09:54 +0300 |
| commit | e2cd8b5e22842853e72b170248a561b126042b0f (patch) | |
| tree | e924bd23664644ca0ae66d21186c7d7653eb5e2a /src/FilesSidebarCallViewApp.vue | |
| parent | fd12385a48eab86315fd6d6d9c29b539e461b6b7 (diff) | |
Fix "The operation is insecure" when accessing cssRules
In Firefox accessing "cssRules" may throw a "SecurityError" if the style
sheet was loaded from a different domain. The style sheets loaded by
Nextcloud all come from the same domain, but some Firefox extensions
inject their own stylesheets from a different domain. Due to this, when
the style sheet from the vue-at component was being looked for those
style sheets from a different domain could be iterated over, which
caused the exception to be thrown and stopped the load of Talk, which
ended causing a blank page.
In a similar way this caused an exception to be thrown when starting a
call in the Files app sidebar, which ended causing the call view to not
be shown in the sidebar.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Diffstat (limited to 'src/FilesSidebarCallViewApp.vue')
| -rw-r--r-- | src/FilesSidebarCallViewApp.vue | 49 |
1 files changed, 35 insertions, 14 deletions
diff --git a/src/FilesSidebarCallViewApp.vue b/src/FilesSidebarCallViewApp.vue index ad5b9d98c..c7226244d 100644 --- a/src/FilesSidebarCallViewApp.vue +++ b/src/FilesSidebarCallViewApp.vue @@ -161,23 +161,44 @@ export default { * call. */ addCallInFilesSidebarStyleSheet() { - for (let i = 0; i < document.styleSheets.length; i++) { - const sheet = document.styleSheets[i] - // None of the default properties of a style sheet can be used - // as an ID. Adding a "data-id" attribute would work in Firefox, - // but not in Chromium, as it does not provide a "dataset" - // property in styleSheet objects. Therefore it is necessary to - // check the rules themselves, but as the order is undefined a - // matching rule needs to be looked for in all of them. - if (sheet.cssRules.length !== 2) { - continue - } + const isCallInFilesSidebarStyleSheet = (sheet) => { + try { + // cssRules may not be defined in Chromium if the stylesheet + // is loaded from a different domain. + if (!sheet.cssRules) { + return false + } - for (const cssRule of sheet.cssRules) { - if (cssRule.cssText === '.app-sidebar-header .hidden-by-call { display: none !important; }') { - return + // None of the default properties of a style sheet can be used + // as an ID. Adding a "data-id" attribute would work in Firefox, + // but not in Chromium, as it does not provide a "dataset" + // property in styleSheet objects. Therefore it is necessary to + // check the rules themselves, but as the order is undefined a + // matching rule needs to be looked for in all of them. + if (sheet.cssRules.length !== 2) { + return false + } + + for (const cssRule of sheet.cssRules) { + if (cssRule.cssText === '.app-sidebar-header .hidden-by-call { display: none !important; }') { + return true + } + } + } catch (exception) { + // Accessing cssRules may throw a SecurityError in Firefox + // if the style sheet is loaded from a different domain. + if (exception.name !== 'SecurityError') { + throw exception } } + + return false + } + + for (let i = 0; i < document.styleSheets.length; i++) { + if (isCallInFilesSidebarStyleSheet(document.styleSheets[i])) { + return + } } const style = document.createElement('style') |