From: Dominik Csapak <d.csapak@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH novnc] fix #5639: prevent browser from trying to save novnc password
Date: Tue, 27 Aug 2024 15:15:12 +0200 [thread overview]
Message-ID: <20240827131512.2685250-1-d.csapak@proxmox.com> (raw)
by not using the password input at all, but pass the password
to the connect function manually
this changes the first patch instead of adding another one, since
it only touches code from that.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
.../0001-add-PVE-specific-JS-code.patch | 37 +++++++------------
...002-add-custom-fbresize-event-on-rfb.patch | 6 +--
...nge-scaling-when-toggling-fullscreen.patch | 6 +--
...rectory-for-fetching-images-js-files.patch | 4 +-
.../0011-add-localCursor-setting-to-rfb.patch | 6 +--
.../0012-pass-custom-command-to-vnc.patch | 2 +-
...passing-deprecated-upgrade-parameter.patch | 2 +-
...-create-own-class-for-hidden-buttons.patch | 2 +-
...-button-on-isFullscreen-get-variable.patch | 2 +-
...ow-start-button-on-not-running-vm-ct.patch | 4 +-
.../patches/0019-show-clipboard-button.patch | 8 ++--
11 files changed, 33 insertions(+), 46 deletions(-)
diff --git a/debian/patches/0001-add-PVE-specific-JS-code.patch b/debian/patches/0001-add-PVE-specific-JS-code.patch
index 904adda..ca01d11 100644
--- a/debian/patches/0001-add-PVE-specific-JS-code.patch
+++ b/debian/patches/0001-add-PVE-specific-JS-code.patch
@@ -12,18 +12,18 @@ for `autoresizing`, `commandstoggle`, etc., get setup.
Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
- app/pve.js | 427 +++++++++++++++++++++++++++++++++++++++++++++++++++++
- app/ui.js | 66 +++++++--
+ app/pve.js | 428 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ app/ui.js | 62 ++++++--
vnc.html | 10 +-
- 3 files changed, 489 insertions(+), 14 deletions(-)
+ 3 files changed, 485 insertions(+), 15 deletions(-)
create mode 100644 app/pve.js
diff --git a/app/pve.js b/app/pve.js
new file mode 100644
-index 0000000..e3c7758
+index 0000000..1a062ad
--- /dev/null
+++ b/app/pve.js
-@@ -0,0 +1,427 @@
+@@ -0,0 +1,428 @@
+/*
+ * PVE Utility functions for noVNC
+ * Copyright (C) 2017 Proxmox GmbH
@@ -392,10 +392,11 @@ index 0000000..e3c7758
+ vncticket: result.data.ticket
+ });
+
-+ document.getElementById('noVNC_password_input').value = result.data.ticket;
++ let password = result.data.ticket;
++ me.UI.reconnectPassword = password;
+ me.UI.forceSetting('path', 'api2/json' + me.baseUrl + '/vncwebsocket' + "?" + wsparams);
+
-+ callback();
++ callback(password);
+ },
+ failure: function(msg) {
+ me.UI.showStatus(msg, 'error');
@@ -452,7 +453,7 @@ index 0000000..e3c7758
+ },
+};
diff --git a/app/ui.js b/app/ui.js
-index c1f6776..5ebb134 100644
+index c1f6776..c86f36c 100644
--- a/app/ui.js
+++ b/app/ui.js
@@ -17,6 +17,7 @@ import keysyms from "../core/input/keysymdef.js";
@@ -495,13 +496,14 @@ index c1f6776..5ebb134 100644
- let autoconnect = WebUtil.getConfigVar('autoconnect', false);
- if (autoconnect === 'true' || autoconnect == '1') {
- autoconnect = true;
-+ UI.PVE.pveStart(function() {
- UI.connect();
+- UI.connect();
- } else {
- autoconnect = false;
- // Show the connect panel on first load unless autoconnecting
- UI.openConnectPanel();
- }
++ UI.PVE.pveStart(function(password) {
++ UI.connect(undefined, password);
+ });
return Promise.resolve(UI.rfb);
@@ -558,20 +560,7 @@ index c1f6776..5ebb134 100644
},
/* ------^-------
-@@ -1015,6 +1028,12 @@ const UI = {
- UI.reconnectPassword = password;
- }
-
-+ var password = document.getElementById('noVNC_password_input').value;
-+
-+ if (!password) {
-+ password = WebUtil.getConfigVar('password');
-+ }
-+
- if (password === null) {
- password = undefined;
- }
-@@ -1689,9 +1708,36 @@ const UI = {
+@@ -1689,9 +1702,36 @@ const UI = {
/* ------^-------
* /EXTRA KEYS
* ==============
diff --git a/debian/patches/0002-add-custom-fbresize-event-on-rfb.patch b/debian/patches/0002-add-custom-fbresize-event-on-rfb.patch
index decde9d..1991bd6 100644
--- a/debian/patches/0002-add-custom-fbresize-event-on-rfb.patch
+++ b/debian/patches/0002-add-custom-fbresize-event-on-rfb.patch
@@ -13,10 +13,10 @@ Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 files changed, 21 insertions(+)
diff --git a/app/ui.js b/app/ui.js
-index 5ebb134..60f4c00 100644
+index c86f36c..5beef1e 100644
--- a/app/ui.js
+++ b/app/ui.js
-@@ -1074,6 +1074,7 @@ const UI = {
+@@ -1068,6 +1068,7 @@ const UI = {
UI.rfb.addEventListener("clipboard", UI.clipboardReceive);
UI.rfb.addEventListener("bell", UI.bell);
UI.rfb.addEventListener("desktopname", UI.updateDesktopName);
@@ -24,7 +24,7 @@ index 5ebb134..60f4c00 100644
UI.rfb.clipViewport = UI.getSetting('view_clip');
UI.rfb.scaleViewport = UI.getSetting('resize') === 'scale';
UI.rfb.resizeSession = UI.getSetting('resize') === 'remote';
-@@ -1733,6 +1734,16 @@ const UI = {
+@@ -1727,6 +1728,16 @@ const UI = {
document.getElementById('pve_commands_button').classList.remove("noVNC_selected");
},
diff --git a/debian/patches/0003-change-scaling-when-toggling-fullscreen.patch b/debian/patches/0003-change-scaling-when-toggling-fullscreen.patch
index 38a35aa..e80835a 100644
--- a/debian/patches/0003-change-scaling-when-toggling-fullscreen.patch
+++ b/debian/patches/0003-change-scaling-when-toggling-fullscreen.patch
@@ -12,10 +12,10 @@ Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
1 file changed, 11 insertions(+)
diff --git a/app/ui.js b/app/ui.js
-index 60f4c00..235b049 100644
+index 5beef1e..1e64f20 100644
--- a/app/ui.js
+++ b/app/ui.js
-@@ -1292,6 +1292,13 @@ const UI = {
+@@ -1286,6 +1286,13 @@ const UI = {
} else if (document.msExitFullscreen) {
document.msExitFullscreen();
}
@@ -29,7 +29,7 @@ index 60f4c00..235b049 100644
} else {
if (document.documentElement.requestFullscreen) {
document.documentElement.requestFullscreen();
-@@ -1302,7 +1309,11 @@ const UI = {
+@@ -1296,7 +1303,11 @@ const UI = {
} else if (document.body.msRequestFullscreen) {
document.body.msRequestFullscreen();
}
diff --git a/debian/patches/0006-change-source-directory-for-fetching-images-js-files.patch b/debian/patches/0006-change-source-directory-for-fetching-images-js-files.patch
index bdbfd80..e4ede34 100644
--- a/debian/patches/0006-change-source-directory-for-fetching-images-js-files.patch
+++ b/debian/patches/0006-change-source-directory-for-fetching-images-js-files.patch
@@ -13,7 +13,7 @@ Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/app/ui.js b/app/ui.js
-index 235b049..1d52a5a 100644
+index 1e64f20..1345cc5 100644
--- a/app/ui.js
+++ b/app/ui.js
@@ -73,7 +73,7 @@ const UI = {
@@ -25,7 +25,7 @@ index 235b049..1d52a5a 100644
.then((response) => {
if (!response.ok) {
throw Error("" + response.status + " " + response.statusText);
-@@ -1835,7 +1835,7 @@ l10n.setup(LINGUAS);
+@@ -1829,7 +1829,7 @@ l10n.setup(LINGUAS);
if (l10n.language === "en" || l10n.dictionary !== undefined) {
UI.prime();
} else {
diff --git a/debian/patches/0011-add-localCursor-setting-to-rfb.patch b/debian/patches/0011-add-localCursor-setting-to-rfb.patch
index ba9ba48..ac0ebc5 100644
--- a/debian/patches/0011-add-localCursor-setting-to-rfb.patch
+++ b/debian/patches/0011-add-localCursor-setting-to-rfb.patch
@@ -15,7 +15,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/app/ui.js b/app/ui.js
-index 1d52a5a..02004c3 100644
+index 1345cc5..b2744bb 100644
--- a/app/ui.js
+++ b/app/ui.js
@@ -180,6 +180,7 @@ const UI = {
@@ -35,7 +35,7 @@ index 1d52a5a..02004c3 100644
UI.addSettingChangeHandler('host');
UI.addSettingChangeHandler('port');
UI.addSettingChangeHandler('path');
-@@ -1076,6 +1079,7 @@ const UI = {
+@@ -1070,6 +1073,7 @@ const UI = {
UI.rfb.addEventListener("desktopname", UI.updateDesktopName);
UI.rfb.addEventListener("fbresize", UI.updateSessionSize);
UI.rfb.clipViewport = UI.getSetting('view_clip');
@@ -43,7 +43,7 @@ index 1d52a5a..02004c3 100644
UI.rfb.scaleViewport = UI.getSetting('resize') === 'scale';
UI.rfb.resizeSession = UI.getSetting('resize') === 'remote';
UI.rfb.qualityLevel = parseInt(UI.getSetting('quality'));
-@@ -1760,6 +1764,12 @@ const UI = {
+@@ -1754,6 +1758,12 @@ const UI = {
* ==============
* MISC
* ------v------*/
diff --git a/debian/patches/0012-pass-custom-command-to-vnc.patch b/debian/patches/0012-pass-custom-command-to-vnc.patch
index 7c993e9..a0989d2 100644
--- a/debian/patches/0012-pass-custom-command-to-vnc.patch
+++ b/debian/patches/0012-pass-custom-command-to-vnc.patch
@@ -10,7 +10,7 @@ Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
1 file changed, 7 insertions(+)
diff --git a/app/pve.js b/app/pve.js
-index e3c7758..446b85d 100644
+index 1a062ad..8ce258c 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -11,6 +11,7 @@ export default function PVEUI(UI){
diff --git a/debian/patches/0014-avoid-passing-deprecated-upgrade-parameter.patch b/debian/patches/0014-avoid-passing-deprecated-upgrade-parameter.patch
index 7758e4a..d9dc07d 100644
--- a/debian/patches/0014-avoid-passing-deprecated-upgrade-parameter.patch
+++ b/debian/patches/0014-avoid-passing-deprecated-upgrade-parameter.patch
@@ -9,7 +9,7 @@ Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/pve.js b/app/pve.js
-index 446b85d..dfff1b0 100644
+index 8ce258c..873c7b5 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -45,7 +45,7 @@ export default function PVEUI(UI){
diff --git a/debian/patches/0015-create-own-class-for-hidden-buttons.patch b/debian/patches/0015-create-own-class-for-hidden-buttons.patch
index 5b78e1e..333c074 100644
--- a/debian/patches/0015-create-own-class-for-hidden-buttons.patch
+++ b/debian/patches/0015-create-own-class-for-hidden-buttons.patch
@@ -13,7 +13,7 @@ Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/pve.js b/app/pve.js
-index dfff1b0..4774e3a 100644
+index 873c7b5..f87f01b 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -302,15 +302,15 @@ PVEUI.prototype = {
diff --git a/debian/patches/0016-hide-fullscreen-button-on-isFullscreen-get-variable.patch b/debian/patches/0016-hide-fullscreen-button-on-isFullscreen-get-variable.patch
index bb4dc78..27d745e 100644
--- a/debian/patches/0016-hide-fullscreen-button-on-isFullscreen-get-variable.patch
+++ b/debian/patches/0016-hide-fullscreen-button-on-isFullscreen-get-variable.patch
@@ -13,7 +13,7 @@ Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
1 file changed, 7 insertions(+)
diff --git a/app/pve.js b/app/pve.js
-index 4774e3a..583a406 100644
+index f87f01b..368f23a 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -12,6 +12,7 @@ export default function PVEUI(UI){
diff --git a/debian/patches/0018-show-start-button-on-not-running-vm-ct.patch b/debian/patches/0018-show-start-button-on-not-running-vm-ct.patch
index 4d7e407..34c0090 100644
--- a/debian/patches/0018-show-start-button-on-not-running-vm-ct.patch
+++ b/debian/patches/0018-show-start-button-on-not-running-vm-ct.patch
@@ -19,7 +19,7 @@ Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
3 files changed, 107 insertions(+), 5 deletions(-)
diff --git a/app/pve.js b/app/pve.js
-index 583a406..287615f 100644
+index 368f23a..d7fbdd3 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -117,7 +117,7 @@ PVEUI.prototype = {
@@ -72,7 +72,7 @@ index 583a406..287615f 100644
me.API2Request({
url: me.url,
method: 'POST',
-@@ -391,6 +396,36 @@ PVEUI.prototype = {
+@@ -392,6 +397,36 @@ PVEUI.prototype = {
});
},
diff --git a/debian/patches/0019-show-clipboard-button.patch b/debian/patches/0019-show-clipboard-button.patch
index b87229e..f7db533 100644
--- a/debian/patches/0019-show-clipboard-button.patch
+++ b/debian/patches/0019-show-clipboard-button.patch
@@ -6,15 +6,16 @@ Subject: [PATCH] show clipboard button
show button when clipboard at status/current is true
Signed-off-by: Markus Frank <m.frank@proxmox.com>
+Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
---
app/pve.js | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/app/pve.js b/app/pve.js
-index 287615f..1b98f20 100644
+index d7fbdd3..6e69fb6 100644
--- a/app/pve.js
+++ b/app/pve.js
-@@ -411,6 +411,10 @@ PVEUI.prototype = {
+@@ -412,6 +412,10 @@ PVEUI.prototype = {
document.getElementById('pve_start_dlg')
.classList.add("noVNC_open");
}
@@ -25,6 +26,3 @@ index 287615f..1b98f20 100644
},
failure: function(msg, code) {
if (code === 403) {
---
-2.39.2
-
--
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next reply other threads:[~2024-08-27 13:15 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-27 13:15 Dominik Csapak [this message]
2024-09-06 18:25 ` [pve-devel] applied: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240827131512.2685250-1-d.csapak@proxmox.com \
--to=d.csapak@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox