jcarr
/
noVNC
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for URL fragment parameters 

Passing parameters as part of the fragment could be considered
benifical from a security or privacy standpoint when compared to query
string parameters. The URL fragment parameters are not sent to the
server.
This commit is contained in:
yatru 2021-08-31 16:04:56 +02:00 committed by Samuel Mannehed
parent 0a8ced2cfe
commit f796b05e42
2 changed files with 19 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/webutil.js
View File

@ -20,10 +20,19 @@ export function initLogging(level) {
} }
// Read a query string variable // Read a query string variable
// A URL with a query parameter can look like this (But will most probably get logged on the http server):
// https://www.example.com?myqueryparam=myvalue
//
// For privacy (Using a hastag #, the parameters will not be sent to the server)
// the url can be requested in the following way:
// https://www.example.com#myqueryparam=myvalue&password=secreatvalue
//
// Even Mixing public and non public parameters will work:
// https://www.example.com?nonsecretparam=example.com#password=secreatvalue
export function getQueryVar(name, defVal) { export function getQueryVar(name, defVal) {
"use strict"; "use strict";
const re = new RegExp('.*[?&]' + name + '=([^&#]*)'), const re = new RegExp('.*[?&]' + name + '=([^&#]*)'),
match = document.location.href.match(re); match = ''.concat(document.location.href, " ", window.location.hash).match(re);
if (typeof defVal === 'undefined') { defVal = null; } if (typeof defVal === 'undefined') { defVal = null; }
if (match) { if (match) {

11
vnc_lite.html
View File

@ -109,13 +109,20 @@
// query string. If the variable isn't defined in the URL // query string. If the variable isn't defined in the URL
// it returns the default value instead. // it returns the default value instead.
function readQueryVariable(name, defaultValue) { function readQueryVariable(name, defaultValue) {
// A URL with a query parameter can look like this: // A URL with a query parameter can look like this (But will most probably get logged on the http server):
// https://www.example.com?myqueryparam=myvalue // https://www.example.com?myqueryparam=myvalue
// //
// For privacy (Using a hastag #, the parameters will not be sent to the server)
// the url can be requested in the following way:
// https://www.example.com#myqueryparam=myvalue&password=secreatvalue
//
// Even Mixing public and non public parameters will work:
// https://www.example.com?nonsecretparam=example.com#password=secreatvalue
//
// Note that we use location.href instead of location.search // Note that we use location.href instead of location.search
// because Firefox < 53 has a bug w.r.t location.search // because Firefox < 53 has a bug w.r.t location.search
const re = new RegExp('.*[?&]' + name + '=([^&#]*)'), const re = new RegExp('.*[?&]' + name + '=([^&#]*)'),
match = document.location.href.match(re); match = ''.concat(document.location.href, " ", window.location.hash).match(re);
if (match) { if (match) {
// We have to decode the URL since want the cleartext value // We have to decode the URL since want the cleartext value