Commit fa5b334dcb by Joel Martin changed
getQueryVal() to always decode the value using decodeURIComponent(), but
unescape() is still used for extracting the title, leading to
double-unescaping.
As unescape() is deprecated anyway, remove the last user.
Cc: Joel Martin <github@martintribe.org>
Cc: Anthony Young <sleepsonthefloor@gmail.com>
This commit fixes `vnc_auto.html` to work with the new changes.
Note that it is not translated over when `--with-app` is used
on `util/use_require.js`. We'll probably want to deprecate it,
or do some longer-term cleanup.
Previously, setting `innerHTML` was used to display the statuses. These
could include content communicated from the remote VNC server, allowing
the remove VNC server to inject HTML into the noVNC page.
This commit switches all uses of `innerHTML` to use `textContent`, which
is not vulnerable to the HTML injection.
The states 'loaded', 'failed' and 'fatal' were all variations of the
'disconnected' state. Removing these states allows us to get rid of
many ugly workarounds and special cases. Error messages to the UI can
now instead be delivered via a new onDisconnected callback.
Names such as 'disconnect' and 'disconnected' are inconsistent in the
way that one describes an action and the other a state. The state that
was called 'normal' didn't fit in with the others because the other
names describe a connection state. The new names are: 'disconnecting',
'connecting' and 'connected'
We already have a callback mechanism for this, so let's use that.
Adds an optional parameter 'msg' to the callback.
Fixes vnc_auto.html (#646) which was broken after
4e0c36dda7
This commit moves all the input-related files from `core/`
to `core/input/`, and renames a couple as relevant
(input.js --> input/devices.js, keyboard.js --> input/util.js).
This commit restructures noVNC, splitting it into the core directory
and the app directory, with the former containing core noVNC parts,
and the latter containing parts specific to the application.
This new file contains the XT scancode mapping that
the extension will use in rfb.js file.
Signed-off-by: Daniel Henrique Barboza <danielhb@linux.vnet.ibm.com>
In order to follow the surrounding coding-standards, the
setDesktopSize client message is split from the public function which
now is called requestDesktopSize().
If a token is already present in the path, the new variable
is ignored. In order to properly manipulate the path,
a new method, `WebUtil.injectParamIfMissing` was introduced.
Fixes#536
[@directxman12: fix up path manipulation logic]
Any config variable like host, port, password, token may be
specified either in the query string (like now), or in the URL hash
fragment. In case a given variable is present in both, the value in the
fragment takes precedence. Supplying variables in the fragment avoids
leaking them to the web server hosting the noVNC viewer HTML.
Previously, if an error was thrown from the Display constructor
in the RFB constructor, we would attempt to use `RFB#updateState`
to handle this. However, `RFB#updateState` attempts to close
the WebSocket connection, which doesn't exist at this point.
In the constructor, it's probably just better to raise an exception
instead (making sure to clean up anything relevant).
Fixes#460
* Added a resize request (setDesktopSize) triggered when connecting and by
changes to the browser window's size.
* Hid the view-drag-hand when the display area is the same or smaller than the
remote session size.
* Added a setting for the automatic resize feature.
* Updated vnc.html and vnc_auto.html to reflect the changes to the UI.
button group instead of centered.
* On low resolution devices the padding towards the edges of the screen of
the left and right button groups are now removed.
* Since the status_bar was merged into the control-bar the actual status_bar
element became redundant and was therefor removed.
* Improved the style of the control-bar when there is an error or a warning.
* Implemented a fix so that vnc_auto.html works as intended with the improved
screen real estate patch.
Browsers (such as Chrome) don't report port numbers in window.location.port when
used on standard ports such as 80 and 443. This causes vnc_auto.html to not
automatically find the port as it should.
This simple change checks if window.location.port is blank, and sets port as
appropriate from the name of the protocol in use.
Related to issue/pulls:
https://github.com/kanaka/noVNC/issues/194https://github.com/kanaka/noVNC/pull/201https://github.com/kanaka/noVNC/pull/202
In IE9, the window.onload event can fire before dynamically loaded
scripts have finished loading. This can result in either WebSocket (in
the case of vnc_auto.html) or RFB (in the case of vnc.html) not being
defined at the point when window.onload is called.
- Move the load_scripts routine from vnc.js to util.js (so that
websockify can use it too). Also, refactor to work when load_scripts
is called by a script that itself uses load_scripts. When the whole
chain of dynamically loaded scripts is finished then call
window.onscriptsload. Use this mechanism in all the places that
depend on dynamic loading of scripts: vnc.html, vnc_auto.html,
websock.js, tests/vnc_playback.html, and tests/vnc_perf.html.
- Use the new window.onscriptsload handler instead of window.onload.
- Remove include/start.js and do the script loading and startup event
handling in include/ui.js instead.
The MPL 2.0 license is a "file-level" copyleft license vs the
"project-level" nature of the L/GPL. The intention of noVNC has
always been that it should be easy to incorporate into existing
projects and sites whether free/open or proprietary/commercial. The MPL
2.0 is designed for this sort of combination project but still
requires that any distributed modifications to noVNC source files must
also be published under the same license.
In addition, the MPL 2.0 allows the code to be used in L/GPL projects
(the secondary license clause). This means that any projects that are
already incorporating noVNC should not be impacted by this change and
in fact it should clarify the licensing situation (the exact
application of the L/GPL to web applications and interpreted code is
somewhat ambiguous).
The HTML, CSS, image and font files continue to be under more
permissive licenses (see LICENSE.txt). The included websockify python
code remains under a LGPLv3 license although the include/websock.js
file from the websockify component is now under MPL 2.0 as well.
Permission was received from other noVNC authors to make this change to their
code license on the following dates:
- Chris Gordon (UI): Jun 24, 2012
- Antoine Mercadal (DOM,*util.js): Oct 10, 2012
- William Lightning (UltraVNC repeater): Oct 10, 2012
- Mike Tinglof (tight encoding): Oct 15, 2012
Instead of using document.write to load scripts, use createElement to
create and append script tags. document.write is problematic in a lot
of situation and in particular is not allowed in a Chrome
extension/packaged app.
Also, in webutil.js, instead of calling init_logging during parsing of
include/webutil.js, rely on the caller to do this. The problem is that
calling init_logging on parse tries to call Util logging functions and
the new model of dynamic load may not having Util loaded by the time
webutil is parsed.
Clarify in LICENSE.txt that the noVNC core library is the part that is
LGPLv3 licensed. The HTML, CSS, images and fonts are separate from the
core library and can be modified and distributed with the noVNC core
but under their own license conditions.
HTML and CSS: 2-Clause BSD
Fonts: SIL OFL 1.1
Images: CC BY SA 3.0
In other words, you can modify the layout and appearance of of noVNC
to integrate with an existing or new web site or application without
having to publish the source for those modifications under the LGPLv3.
However, use of and modification of the noVNC core library (i.e. the
core Javascript that makes up noVNC) must still be according to the
LGPLv3.
Chris Gordon was the other contributor to the HTML, CSS, and images
included with noVNC and gave permission for this license clarification
on June 23, 2012.
* Adds the nova-novncproxy binary, to provide support for vnc + OpensStack nova
* Adds the ability to pass an auth token in via url, which is subsequently
passed back to the proxy as a cookie.
I.e. if the page is https:// then the WebSocket encrypt setting will
default to wss:// (TLS encryption).
Note that since noVNC settings are saved in cookies, this will only
affect first load. If you have already loaded the page, then the
encrypt setting will be whatever you last set it to.
The Jetty WebSocket server code used by the Clojure version of
websockify doesn't support WebSocket and Web at the same path so pass
in a default value for the path so that we can support the Clojure
version websockify.
Resolve issue: https://github.com/kanaka/noVNC/pull/101
Based on proposal from @mightpenguin:
Matthew Balman <emperor@mightypenguin.org>
If view_only option is set then do not send mouse and keyboard events.
This is not a secure/enforced way to make a client view only. To
enforce view only at the server, most VNC servers support setting
a view only password.
Pierre Ossman
Philipp Hahn
Solly Ross
Pierre Ossman
Samuel Mannehed
Daniel Henrique Barboza
Miguel Xavier Penha Neto
Ganesh Varadarajan
MOZGIII
Julien Fontanet
Martin André
Malcolm Scott
jalf
John Dewey
Will Rouesnel
Peter Åstrand (astrand)
Joel Martin
William Lightning
Anthony Young
Chris Gordon