December 2012 - tor-commits - lists.torproject.org

[flashproxy/master] Add text to options page when flashproxy cookie is not present.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit d0015faf0d56767cdbf8afa5462e908e81d1b0c6 Author: Alexandre Allaire <alexandre.allaire(a)mail.mcgill.ca> Date: Fri Dec 21 13:55:41 2012 -0500 Add text to options page when flashproxy cookie is not present. If the user visits the page with no cookie set, some text informs him that he has not chosen a setting yet, and that his browser may be used as a proxy depending on how the badge has been configured by the website admin. The "configuration" in question is whether the badge is hosted with the "cookierequired" query parameter or not. --- proxy/options.html | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++- proxy/options.js | 68 ------------------------------------------------- 2 files changed, 70 insertions(+), 70 deletions(-) diff --git a/proxy/options.html b/proxy/options.html index f5c03a3..1126850 100644 --- a/proxy/options.html +++ b/proxy/options.html @@ -56,7 +56,7 @@ JavaScript to change your options. </noscript> <div id="setting"> </div> -<div id="buttons" style="display: none;"> +<div onclick="update_setting_text()" id="buttons" style="display: none;"> <button onclick="set_cookie_allowed()">Yes</button> <button onclick="set_cookie_disallowed()">No</button> </div> @@ -67,6 +67,74 @@ in order to set flash proxy settings. </p> </div> </div> -<script type="text/javascript" src="options.js"></script> +<script type="text/javascript"> + +var COOKIE_NAME = "flashproxy-allow"; +/* max-age is not supported in IE. */ +var COOKIE_LIFETIME = "Thu, 01 Jan 2038 00:00:00 GMT"; + +function set_cookie_allowed() { + document.cookie = COOKIE_NAME + "=1 ;path=/ ;expires=" + COOKIE_LIFETIME; +} + +function set_cookie_disallowed() { + document.cookie = COOKIE_NAME + "=0 ;path=/ ;expires=" + COOKIE_LIFETIME; +} + +/* Returns the value of the cookie, or undefined + if the cookie is not present. */ +function read_cookie() { + var split, name, value; + var cookies = document.cookie.split(";"); + + for (i in cookies) { + split = cookies[i].split("="); + name = split[0]; + value = split[1]; + + while (name[0] === " ") + name = name.substr(1); + if (COOKIE_NAME === name) + return value; + } + return undefined; +} + +/* Updates the text telling the user what his current setting is.*/ +function update_setting_text() { + var setting = document.getElementById("setting"); + var prefix = "<p>Your current setting is: "; + var value = read_cookie(); + + if (value === undefined) { + setting.innerHTML = prefix + "unspecified. Your browser may or may not " + + "run as a proxy, depending on how the website " + + "administrator has configured the badge. Click " + + "the buttons below to change your setting."; + } else if (value === "1") { + setting.innerHTML = prefix + "use my browser as a proxy. " + + "Click no below to change your setting.</p>"; + } else { + setting.innerHTML = prefix + "do not use my browser as a proxy. " + + "Click yes below to change your setting.</p>"; + } +} + +window.onload = function () { + if (navigator.cookieEnabled) { + var buttons = document.getElementById("buttons"); + buttons.style.display = "block"; + update_setting_text(); + } else { + document.getElementById("cookies_disabled").style.display = "block"; + /* Manually set the text here as otherwise it will refer to + the buttons, which don't show if cookies are disabled. */ + document.getElementById("setting").innerHTML = "<p>Your current setting is: " + + "unspecified. Your browser may or may not " + + "run as a proxy, depending on how the website " + + "administrator has configured the badge.</p>"; + } +}; +</script> </body> </html> diff --git a/proxy/options.js b/proxy/options.js deleted file mode 100644 index c9a8713..0000000 --- a/proxy/options.js +++ /dev/null @@ -1,68 +0,0 @@ -/* This is the javascript for the opt-in page. It sets/deletes - a cookie which controls whether the flashproxy javascript - code should run or disable itself. */ - -var COOKIE_NAME = "flashproxy"; -/* max-age is not supported in IE. */ -var COOKIE_LIFETIME = "Thu, 01 Jan 2020 00:00:00 GMT"; - -/* This wrapper will attach events correctly in older - versions of IE. */ -function add_event(elem, evt, handler) { - if (elem.attachEvent) - elem.attachEvent("on" + evt, handler); - else - elem.addEventListener(evt, handler); -} - -function set_cookie_allowed() { - document.cookie = COOKIE_NAME + "=1;path=/ ;expires=" + COOKIE_LIFETIME; -} - -function set_cookie_disallowed() { - document.cookie = COOKIE_NAME + "=0;path=/ ;expires=" + COOKIE_LIFETIME; -} - -add_event(window, "load", function () { - - function cookie_present() { - var cookies = document.cookie.split(";"); - - for (i in cookies) { - var name = cookies[i].split("=")[0]; - - while (name[0] === " ") - name = name.substr(1); - if (COOKIE_NAME === name) - return true; - } - return false; - } - - /* Updates the text telling the user what his current setting is.*/ - function update_setting_text() { - var setting = document.getElementById("setting"); - var prefix = "<p>Your current setting is: "; - - if (cookie_present()) { - setting.innerHTML = prefix + "use my browser as a proxy. " + - "Click no below to change your setting.</p>"; - } else { - setting.innerHTML = prefix + "do not use my browser as a proxy. " + - "Click yes below to change your setting.</p>"; - } - } - - if (navigator.cookieEnabled) { - var buttons = document.getElementById("buttons"); - add_event(buttons, "click", update_setting_text); - buttons.style.display = "block"; - update_setting_text(); - } else { - document.getElementById("cookies_disabled").style.display = "block"; - /* Manually set the text here as otherwise it will refer to - the buttons, which don't show if cookies are disabled. */ - document.getElementById("setting").innerHTML = "<p>Your current setting is: " + - "do not use my browser as a proxy.</p>"; - } -});

1 0

[flashproxy/master] Handle opt-in cookie in flashproxy.js
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit fb83ae8524ca94f802598d02ed4ed8eba63320a1 Author: Alexandre Allaire <alexandre.allaire(a)mail.mcgill.ca> Date: Fri Dec 21 18:59:59 2012 -0500 Handle opt-in cookie in flashproxy.js The proxy disables itself if either the user has opted out or opt-in is required and the user has not opted-in. To determine if opt-in is required it checks for a "cookierequired" boolean query parameter. To determine the user's opt-in setting it parses document.cookie and interprets the value of the cookie as a boolean parameter. --- proxy/flashproxy-test.js | 7 +++-- proxy/flashproxy.js | 49 ++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 49 insertions(+), 7 deletions(-) diff --git a/proxy/flashproxy-test.js b/proxy/flashproxy-test.js index ba2b8a0..86c48d9 100755 --- a/proxy/flashproxy-test.js +++ b/proxy/flashproxy-test.js @@ -11,6 +11,7 @@ var num_tests = 0; var num_failed = 0; var window = {location: {search: "?"}}; +var document = {cookie: ""}; load("flashproxy.js"); @@ -159,7 +160,7 @@ function test_parse_query_string() } } -function test_get_query_param_boolean() +function test_get_param_boolean() { var TESTS = [ { qs: "param=true", @@ -187,7 +188,7 @@ function test_get_query_param_boolean() var query; query = parse_query_string(test.qs); - actual = get_query_param_boolean(query, "param", false); + actual = get_param_boolean(query, "param", false); if (objects_equal(actual, test.expected)) pass(test.qs); else @@ -266,7 +267,7 @@ function test_get_query_param_addr() test_build_url(); test_parse_query_string(); -test_get_query_param_boolean(); +test_get_param_boolean(); test_parse_addr_spec(); test_get_query_param_addr(); diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index 3bdae8e..e5eb419 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -12,6 +12,12 @@ * "1", "true", and the empty string "" all enable debug mode. Any other value * uses the normal badge display. * + * cookierequired=0|1 + * If present with value "1", "true", or "", the proxy will disable + * itself if the user has not explicitly opted in by setting a cookie + * through the options page. If absent, set to "0" or "false", the proxy + * will run unless the user has explicitly opted out. + * * facilitator=https://host:port/ * The URL of the facilitator CGI script. By default it is * DEFAULT_FACILITATOR_URL. @@ -62,13 +68,16 @@ var DEFAULT_RATE_LIMIT = undefined; var MIN_RATE_LIMIT = 10 * 1024; var RATE_LIMIT_HISTORY = 5.0; +/* Name of cookie that controls opt-in/opt-out. */ +var OPT_IN_COOKIE = "flashproxy-allow"; /* Firefox before version 11.0 uses the name MozWebSocket. Whether the global variable WebSocket is defined indicates whether WebSocket is supported at all. */ var WebSocket = window.WebSocket || window.MozWebSocket; var query = parse_query_string(window.location.search.substr(1)); -var DEBUG = get_query_param_boolean(query, "debug", false); +var cookies = parse_cookie_string(document.cookie); +var DEBUG = get_param_boolean(query, "debug", false); var debug_div; if (DEBUG) { @@ -88,6 +97,30 @@ function puts(s) { } } +/* Parse a cookie data string (usually document.cookie). The return type + is an object mapping cookies names to values. For a description of the cookie + string format see http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-8747038 */ +function parse_cookie_string(cookies) { + var strings = []; + var result = {}; + + if (cookies) + strings = cookies.split(";"); + + for (var i = 0; i < strings.length; i++) { + var j; + var string = strings[i]; + + while (string[0] === " ") + string = string.substr(1); + + j = string.indexOf("="); + result[string.substr(0, j)] = string.substr(j + 1); + } + + return result; +} + /* Parse a URL query string or application/x-www-form-urlencoded body. The return type is an object mapping string keys to string values. By design, this function doesn't support multiple values for the same named parameter, @@ -180,14 +213,14 @@ function build_url(scheme, host, port, path, params) { return parts.join(""); } -/* Get a query string parameter and return it as a boolean, or return - default_val if param is not present in the query string. True values are "1", +/* Get a query or cookie string parameter and return it as a boolean, or return + default_val if param is not present in the string. True values are "1", "true", and "". False values are "0" and "false". Any other value causes the function to return null (effectively false). The empty string is true so that URLs like http://example.com/?debug will enable debug mode. */ -function get_query_param_boolean(query, param, default_val) { +function get_param_boolean(query, param, default_val) { var val; val = query[param]; @@ -901,6 +934,14 @@ function flashproxy_should_disable() { return true; } + var setting = get_param_boolean(cookies, OPT_IN_COOKIE, undefined); + var opt_in = get_param_boolean(query, "cookierequired", false); + if (setting === undefined && opt_in || setting === false) { + /* User has opted-out, or opt-in is required and cookie is missing. */ + puts("Disable because of opt-out or required opt-in."); + return true; + } + return false; }

1 0

[flashproxy/master] Remove disable button from badge.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit 9234b9a557b8d65f1c787bb3a7fd3a137a85b2c2 Author: Alexandre Allaire <alexandre.allaire(a)mail.mcgill.ca> Date: Fri Dec 21 14:35:19 2012 -0500 Remove disable button from badge. Remove javascript and css for the badge's disable button. This undoes commit 008bc8013eb2db6d11e6ac4bf3e814b62c1a4a51. --- proxy/embed.html | 17 ----------------- proxy/flashproxy.js | 24 +----------------------- 2 files changed, 1 insertions(+), 40 deletions(-) diff --git a/proxy/embed.html b/proxy/embed.html index feb2fd0..53b5bf5 100644 --- a/proxy/embed.html +++ b/proxy/embed.html @@ -36,28 +36,11 @@ body { background-color: #111; } #flashproxy-badge td { - position: relative; margin: 0; padding: 0; vertical-align: middle; text-align: center; } -#flashproxy-badge td .disable-button { - position: absolute; - margin: 0; - padding: 0; - border: 1px solid white; - color: white; - background-color: #B00; - top: 1px; - right: 1px; - width: 11px; - height: 11px; - text-align: center; - line-height: 11px; - font-size: 11px; - display: none; -} #flashproxy-badge a img { border: 0; } diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index aff64a9..3bdae8e 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -385,17 +385,6 @@ function FlashProxy() { this.badge_elem = debug_div; } else { this.badge = new Badge(); - this.badge.elem.onmouseover = function(event) { - this.badge.disable_button.style.display = "block"; - }.bind(this); - this.badge.elem.onmouseout = function(event) { - this.badge.disable_button.style.display = "none"; - }.bind(this); - /* Click a button to disable the badge. */ - this.badge.disable_button.onclick = function(event) { - this.disable(); - this.badge.disable_button.parentNode.removeChild(this.badge.disable_button); - }.bind(this); this.badge_elem = this.badge.elem; } this.badge_elem.setAttribute("id", "flashproxy-badge"); @@ -786,7 +775,7 @@ function Badge() { /* Number of proxy pairs currently connected. */ this.num_proxy_pairs = 0; - var table, tr, td, div, a, img; + var table, tr, td, a, img; table = document.createElement("table"); tr = document.createElement("tr"); @@ -805,15 +794,6 @@ function Badge() { this.elem = table; this.elem.className = "idle"; - a = document.createElement("a"); - a.setAttribute("href", "#"); - this.disable_button = document.createElement("div"); - /* HEAVY MULTIPLICATION X */ - this.disable_button.innerHTML = "✖"; - this.disable_button.className = "disable-button"; - a.appendChild(this.disable_button); - td.appendChild(a); - this.proxy_begin = function() { this.num_proxy_pairs++; this.elem.className = "active"; @@ -828,12 +808,10 @@ function Badge() { this.disable = function() { this.elem.className = "disabled"; - this.disable_button.style.display = "none"; } this.die = function() { this.elem.className = "dead"; - this.disable_button.style.display = "none"; } }

1 0

[flashproxy/master] Make parse_cookie_string parallel parse_query_string.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit 905e5eaf1a0e7b4a4e5b8838c169a1ed198fcd87 Author: David Fifield <david(a)bamsoftware.com> Date: Mon Dec 24 17:53:46 2012 -0800 Make parse_cookie_string parallel parse_query_string. --- proxy/flashproxy.js | 21 +++++++++++++-------- 1 files changed, 13 insertions(+), 8 deletions(-) diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index 712ef4e..cf22b8d 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -101,21 +101,26 @@ function puts(s) { is an object mapping cookies names to values. For a description of the cookie string format see http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-8747038 */ function parse_cookie_string(cookies) { - var strings = []; - var result = {}; + var strings; + var result; + result = {}; if (cookies) strings = cookies.split(";"); - + else + strings = []; for (var i = 0; i < strings.length; i++) { - var j; var string = strings[i]; - - while (string[0] === " ") - string = string.substr(1); + var j, name, value; j = string.indexOf("="); - result[string.substr(0, j)] = string.substr(j + 1); + name = string.substr(0, j); + value = string.substr(j + 1); + + while (name[0] === " ") + name = name.substr(1); + + result[name] = value; } return result;

1 0

[flashproxy/master] Simplify "cookierequired" parameter comment.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit ebfb8fc20907168ac38b63c595299f5b2b38c645 Author: Alexandre Allaire <alexandre.allaire(a)mail.mcgill.ca> Date: Fri Dec 21 19:20:18 2012 -0500 Simplify "cookierequired" parameter comment. Simplify the comment explaining the "cookierequired" query parameter. --- proxy/flashproxy.js | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index e5eb419..712ef4e 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -13,9 +13,8 @@ * uses the normal badge display. * * cookierequired=0|1 - * If present with value "1", "true", or "", the proxy will disable - * itself if the user has not explicitly opted in by setting a cookie - * through the options page. If absent, set to "0" or "false", the proxy + * If true, the proxy will disable itself if the user has not explicitly opted + * in by setting a cookie through the options page. If absent or false, the proxy * will run unless the user has explicitly opted out. * * facilitator=https://host:port/ @@ -70,6 +69,7 @@ var RATE_LIMIT_HISTORY = 5.0; /* Name of cookie that controls opt-in/opt-out. */ var OPT_IN_COOKIE = "flashproxy-allow"; + /* Firefox before version 11.0 uses the name MozWebSocket. Whether the global variable WebSocket is defined indicates whether WebSocket is supported at all. */

1 0

[flashproxy/master] It's an error if a cookie string is missing '='.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit d44ab0485cb7ae072c604a3a9fe29715f4cdbc0f Author: David Fifield <david(a)bamsoftware.com> Date: Mon Dec 24 18:01:23 2012 -0800 It's an error if a cookie string is missing '='. --- proxy/flashproxy.js | 8 ++++++-- 1 files changed, 6 insertions(+), 2 deletions(-) diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index cf22b8d..777fb0d 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -98,8 +98,9 @@ function puts(s) { } /* Parse a cookie data string (usually document.cookie). The return type - is an object mapping cookies names to values. For a description of the cookie - string format see http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-8747038 */ + is an object mapping cookies names to values. Returns null on error. + + http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-8747038 */ function parse_cookie_string(cookies) { var strings; var result; @@ -114,6 +115,9 @@ function parse_cookie_string(cookies) { var j, name, value; j = string.indexOf("="); + if (j === -1) { + return null; + } name = string.substr(0, j); value = string.substr(j + 1);

1 0

[flashproxy/master] Handle equal signs in cookie values correctly.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit 4318c560e094f78cf94717502fbad737dc426ebb Author: Alexandre Allaire <alexandre.allaire(a)mail.mcgill.ca> Date: Fri Dec 21 19:11:17 2012 -0500 Handle equal signs in cookie values correctly. The previous version split on the "=" character, and took the second element in the split as the cookie value. This will truncate cookie values with equal signs in them. The correct approach is to take everything after the first "=" as the value. --- proxy/options.html | 16 ++++++++-------- 1 files changed, 8 insertions(+), 8 deletions(-) diff --git a/proxy/options.html b/proxy/options.html index 1126850..59f0125 100644 --- a/proxy/options.html +++ b/proxy/options.html @@ -84,18 +84,18 @@ function set_cookie_disallowed() { /* Returns the value of the cookie, or undefined if the cookie is not present. */ function read_cookie() { - var split, name, value; + var str, j; var cookies = document.cookie.split(";"); for (i in cookies) { - split = cookies[i].split("="); - name = split[0]; - value = split[1]; + str = cookies[i]; - while (name[0] === " ") - name = name.substr(1); - if (COOKIE_NAME === name) - return value; + while (str[0] === " ") + str = str.substr(1); + + j = str.indexOf("="); + if (COOKIE_NAME === str.substr(0, j)) + return str.substr(j + 1); } return undefined; }

1 0

[flashproxy/master] Decode our cookie values.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit b90d85ca8dc669b77f052406939a26f9d722d176 Author: David Fifield <david(a)bamsoftware.com> Date: Tue Dec 25 10:42:38 2012 -0800 Decode our cookie values. The encoding is not part of the syntax of cookies, but it makes safe characters like whitespace. --- proxy/flashproxy.js | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index caa3a31..d6bcdab 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -118,8 +118,8 @@ function parse_cookie_string(cookies) { if (j === -1) { return null; } - name = string.substr(0, j).trim(); - value = string.substr(j + 1).trim(); + name = decodeURIComponent(string.substr(0, j).trim()); + value = decodeURIComponent(string.substr(j + 1).trim()); if (!(name in result)) result[name] = value;

1 0

[flashproxy/master] First cookie value wins, like parse_query_string.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit a41614bf46ad4093c448f891f6f9a2174539c33c Author: David Fifield <david(a)bamsoftware.com> Date: Mon Dec 24 18:03:28 2012 -0800 First cookie value wins, like parse_query_string. --- proxy/flashproxy.js | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index 86ecfab..caa3a31 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -121,7 +121,8 @@ function parse_cookie_string(cookies) { name = string.substr(0, j).trim(); value = string.substr(j + 1).trim(); - result[name] = value; + if (!(name in result)) + result[name] = value; } return result;

1 0

[flashproxy/master] Break up the cookie disable logic.
by dcf＠torproject.org 28 Dec '12

28 Dec '12

commit 6d6505aa84583806bb5cedfbe51430cc8079c272 Author: David Fifield <david(a)bamsoftware.com> Date: Tue Dec 25 13:38:39 2012 -0800 Break up the cookie disable logic. --- proxy/flashproxy.js | 14 +++++++++----- 1 files changed, 9 insertions(+), 5 deletions(-) diff --git a/proxy/flashproxy.js b/proxy/flashproxy.js index 4aecc8c..795dac1 100644 --- a/proxy/flashproxy.js +++ b/proxy/flashproxy.js @@ -942,11 +942,15 @@ function flashproxy_should_disable() { return true; } - var setting = get_param_boolean(cookies, OPT_IN_COOKIE, undefined); - var opt_in = get_param_boolean(query, "cookierequired", false); - if (setting === undefined && opt_in || setting === false) { - /* User has opted-out, or opt-in is required and cookie is missing. */ - puts("Disable because of opt-out or required opt-in."); + var flashproxy_allow = get_param_boolean(cookies, OPT_IN_COOKIE); + var cookierequired = get_param_boolean(query, "cookierequired", false); + /* flashproxy_allow may be true, false, or undefined. If undefined, only + disable if the cookierequired param is also set. */ + if (flashproxy_allow === false) { + puts("Disable because of cookie opt-out."); + return true; + } else if (cookierequired && !flashproxy_allow) { + puts("Disable because of cookie required and no opt-in."); return true; }

1 0