Most (all?) new APIs will require a "secure context", which generally
means served over TLS. We can expect crashes because of missing
functions if this requirement isn't fulfilled, so try to warn the user.
It seems that Firefox has a bug where these are fired incorrectly when
we are in an <iframe>. The events also contain no useful details, so we
can't really do anything useful with them anyway.
This space that was added here was added to the parsed value of the
query variable. This broke any comparisons with the value, for example
"myvar=true" resulted in a value of "true ".
This was broken by f796b05e42
The commit also adds unit tests for webutil.getConfigVar() that will
detect problems like this in the future.
Passing parameters as part of the fragment could be considered
benifical from a security or privacy standpoint when compared to query
string parameters. The URL fragment parameters are not sent to the
server.
Add several single and multitouch gestures to simulate various mouse
actions that would otherwise be impossible to perform.
This replaces the old system where you could select which mouse button
a single touch would generate.
This was done a bit arbitrarily before which could easily miss things,
end up in the wrong state and not trigger animations correctly.
This reverts commit c12e5b2b54 and fixes
things in a different way.
Closing the toolbar would make the focus remain on the toolbar and
not in the session. The only way to switch focus was to click in the
session. This commit will automatically switch back focus to the session
after closing the toolbar.
As a rule, instead of hard-coding a behavior on specific platforms we
should do dynamic detection.
This commit moves away from always hiding scrollbars on Android and iOS
and instead detects the rendered width of scrollbars in the browser.
When showing a new status popup we want to set a timer for how long to
show it. In cases where we show many statuses in a fast succession we
need to remove any running timeouts when showing a new one.
There are exceptions when new statuses won't be shown, and thats if a
more severe status is already showing, i.e and error or a warning.
Warnings can still have timeouts. There was a bug that occured when we
tried to show a normal status while a warning was showing. The bug
caused the warning status timeout to be removed even if the normal
status was never shown. We should only remove running timeouts if we're
actually going to show a new status.
If using the extra keys always gives focus to the screen then an
on-screen keyboard would be closed. When using on-screen keyboards we
instead want to give focus to our virtual keyboard input element.
A regression from 2afda54 and friends was that you couldn't use the
extra keys and then directly use the keyboard, you would have to click
in the session first.
This commit restores the correct behavior and also adds a visual queue
to the fact that the screen got the focus by fading the controlbar.
Toggling the enabled state is a remnant from an earlier version
of the code where we could determine if the the session is actually
clipped, and not just that the setting is enabled.
Right now we only change things based on the setting, so let's
completely hide the button when clipping is disabled.
It is not relevant for the connection stage so it should not have
been a constructor argument to begin with. Ship with a warning for
a release before we remove it.
* First attempt to make the fullscreen button work inside an iframe.
* Cleaner distinction between document element and document.
* Scoping corrections. Auto-detect correct iframe.
* Added comments to the relevant sections.
* IE issue fixed.
* Same source issue solved. fullscreenToggle now checks if it is permitted to inspect other iframes.
Previously scrollbars were disabled on all touch devices. This meant
that they were disabled on Windows when touch was detected. Windows does
in fact have useful scrollbars even in touch mode. Fixes Issue #1172
* Change copyright header
This updates the copyright header to say "The noVNC Authors". People
who previously had copyright listings are now under the AUTHORS file.
The enableDisableViewClip call in the fullscreen code didn't have any
effect and should have been removed when the special case for clipping
in IE and Safari fullscreen was removed in b18ef81.
The setViewDrag call claimed to disable view drag on UI state change.
The UI states are:
init, connecting, connected, reconnecting, disconnecting, disconnected
The only state where the called function didn't immediately return was
"connected" and that's the only state where enabling view drag is
possible. Thus it could never have been enabled when changing to the
"connected" state.
Always use the shorthand notation if the function is a method of an object or class `{ foo() { ... } }` or `class bar { foo() { ... } }`
unless it's a callback in which case you a fat arrow function should be used `{ cb: () => { ... } }`
Chinese has several writing systems so we need to be clear which one
our translation covers. The one we currently have is for Traditional
Chinese so make sure it uses the matching language tag.
This only reads from localstorage in order to initialize the settings
map. After initializaton, reads will return the value from the map.
When writing a value, the settings map and the local storage
are updated, unless the setting is a default value or derived from
the query string.
This has a few advantages:
1. Saved settings will not be overridden by settings specified in
the query string. This means a setting could be temporarily changed
using the query string, but once removed from the query string, the
setting would return back to what the user selected.
2. Default values will not be saved. If a user has always used
the default value for a setting, then they can move to a new version
with different defaults without clearing localstorage.
3. Changes made to localstorage in a session running in a different
window will not affect the settings in the current window (until
the page is refreshed).
Regarding eraseSetting:
It is possible that another tab could change the value, leading
to an unexpected value change in the tab that deletes. However,
this function is currently unused, so this will be evaluted if
and when it used.
We can be disconnected because of server reasons, not just because
someone clicked the disconnect button. Make sure we clean up the
reference and get a proper state in those cases as well.
Commit 3729976 only updated xgettext.html which generates the .pot file.
This commit also makes sure that the actual translations are applied to
the interface.
Fixes#997
Instead of waiting for updateVisualState() to be called in order for the
interface to update, we can call it directly in updateViewOnly(). This
is a better placement logically as well. Another upside of this is that
we can call updateVisualState() earlier on connect, that allows for the
"connecting"-throbber to be shown quicker.
The UI does after all have enough information to determine if the
disconnection event was received before or after we were connected. If
we were never connected at all, we should adapt the error message to
reflect this.
And only show the first error. This means that if UI.showStatus() is
called for a new error while one error is already showing, the new
error will not be shown. However, if a warning was showing and a new
error comes up, the warning will be overwritten.
The API allowed strings to be passed from the RFB module to the
application using the disconnect reason. This caused problems since
the application didn't have control over translations for these
strings.
Most of the information being passed using this string was very
technical and not helpful to the end user. One exception to this was
the security result information regarding for example authentication
failures. The protocol allows the VNC server to pass a string
directly to the user in the security result.
So the disconnect reason is replaced by a boolean saying if the
disconnection was clean or not. And for the security result information
from the server, a new event has been added.
Instead of exposing all the internal connection states, the RFB module
will now only send events on connect and on disconnect. This makes it
simpler for the application and gets rid of the double events that were
being sent on disconnect (previously updatestate and disconnect).
An RFB object represents a single connection so it doesn't make
sense to have one without it trying to connect right away. Matches
the behaviour of other APIs, e.g. WebSocket.
Use normal properties with JavaScript setters and getters instead of
our homegrown stuff.
This also changes the properties to follow normal naming conventions.
The previous method of retaining focus didn't work reliably when
the RFB object tried to move the focus to the canvas. Add a setting
to control "focus on click" behaviour instead of letting them try
to fight it out.
We broke handling of keydown/keyup when we moved the focus to the
canvas, as events from our input element would then no longer be
caught when they bubbled up to the document object (where we
previously caught events).
Restore the previous behaviour in a cleaner manner by creating a
second Keyboard object to handle this extra input variant.
Avoid the deprecated keypress event in favour of the keydown event.
It has the benefit of triggering for all keys, not just those that
produce symbols.
The focus can now move to the canvas so it is no longer a source of
confusion. It is also important to indicate that they have focus now
that we actually respect it.
Give the canvas proper focus handling. This avoids messy logic that
needs to disable and enable event handling when we want to interact
with other UI elements.
It also makes sure we can properly inhibit the browser from triggering
local actions on key presses.
During the last round of translations a few fuzzy markings was not
removed even though the string was updated. This can happen when the
translators edit the .po-file manually. Fuzzy markings result in that
the strings do not get included into the generated .json files.
The control bar can be dragged to the other side, this isn't obvious
however. This adds a hint on the opposite side in the form of a subtle
glowing half-ellipse.
If a user disconnects but leaves the browser tab open, the password
input field would still contain the password for future connections.
We now clear the input field after reading the password into memory.
It wasn't working properly anymore because it expected to be triggered
by the "load". But we now register that event listener long after the
"load" event has already fired.
Many browsers, for example Chrome on Android will not allow audio to
play unless it's initiated from a user action. It is not reasonable to
display an error for this. Fixes issue #821.
Setting a style to null does restore it in FF, Chrome, Safari and Edge.
But it does not work in Internet Explorer. The proper way to restore to
default values is to set it to the empty string. This works in all
browsers. Fixes issue #808.
Pierre Ossman
pdlan
Samuel Mannehed
yatru
Jose (Ito) Matsuda
Liddack
NNN1590
Alex Tanskanen
Niko Lehto
Alvin Townsend
Chris Koying Browet
Juanjo Diaz
nnn1590
Ján Jockusch
Dmitriy Shweew
Baw_Appie
Sebastian Safari
Petr
Solly Ross
Alexander E. Patrakov
Zhou Chaolin
CUI Wei
Andrew Webster
Ömer ÇAKMAK
Juanjo Diaz
Peter Dave Hello
Deni42
Dominik Csapak
Mariusz Jamro
Giannis Kosmas
David Gnedt