Hack to hide the URL in local storage

2018-01-10 11:30:09 -08:00 · 2018-01-10 11:30:09 -08:00 · 9b8d86db25
parent 168ffd5123
commit 9b8d86db25
1 changed files with 24 additions and 4 deletions
--- a/vnc_auto.html
+++ b/vnc_auto.html
@ -188,7 +188,7 @@
            var xvpbuttons;
            xvpbuttons = $D('noVNC_xvp_buttons');
            if (ver >= 1) {
-                xvpbuttons.style.display = 'inline';yakpal.setClipboard
+                xvpbuttons.style.display = 'inline';
            } else {
                xvpbuttons.style.display = 'none';
            }
@ -196,7 +196,7 @@

        function onClipboard(rfb, text){
            $D('copyBox').value = text
-            if(window.yakpal && window.yakpal.setClipboard){
+            if(window['yakpal'] && window.yakpal.setClipboard){
                yakpal.setClipboard(text);
            }
        }
@ -204,6 +204,19 @@
        window.onscriptsload = function () {
            var host, port, password, path, token, lastClipboard;

+            // Expire any old (>4h) entries from localStorage
+            Object.keys(localStorage)
+                  .filter((x)=>x.indexOf('coyote-url-') === 0)
+                  .map((x)=>[x, JSON.parse(localStorage.getItem(x))])
+                  .filter((x)=>!x[1].timestamp || (new Date() - new Date(x[1].timestamp)) > 1000 * 3600 * 4)
+                  .map((x)=>localStorage.removeItem(x[0]));
+
+            // If we have an RID, try to load the real URL from session storage
+            var rid = WebUtil.getConfigVar('rid', '');
+            var url = localStorage.getItem('coyote-url-' + rid);
+            if (rid && url)
+                window.history.replaceState({}, document.title, url.url);
+
            //$D('sendCtrlAltDelButton').style.display = "inline";
            //$D('sendCtrlAltDelButton').onclick = sendCtrlAltDel;
            //$D('xvpShutdownButton').onclick = xvpShutdown;
@ -220,7 +233,7 @@
            $D('copyBox').addEventListener('paste', updateClipboard);

            setInterval(function(){
-                if(!window.yakpal || !window.yakpal.getClipboard) return;
+                if(!window['yakpal'] || !window.yakpal.getClipboard) return;
                //hide use-yakpal if they have it
                try{
                    document.getElementById('use-yakpal').style.display = 'none';
@ -296,8 +309,15 @@
            elm.style.display = '';

            // Scrub the query params from the URL so that it can be safely copy/pasted
+            // However, to support F5 or Ctrl-Shift-T, save the real URL in localstorage
+            // under a magic ID. The credentials are only valid for ~30 minutes after
+            // the user disconnects anyway, so this isn't a huge security issue.
            console.log("Pushing new URL. Original: " + window.location.href);
-            window.history.replaceState({}, document.title, window.location.pathname);
+            if (!rid) {
+                rid = ("" + Math.random()).replace("0.", "");
+            }
+            localStorage.setItem("coyote-url-" + rid, JSON.stringify({url: window.location.href, timestamp: new Date()}));
+            window.history.replaceState({}, document.title, window.location.pathname + "?rid=" + rid);

            rfb.connect(host, port, password, path);
        };