Mirrors/overte
3
0
Fork 0
mirror of https://github.com/overte-org/overte.git synced 2025-08-09 15:29:32 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Lint

Browse source
This commit is contained in:
Kasen IO 2020-01-27 13:13:36 -05:00
parent 8b03d1bd19
commit 428a5b65ff
2 changed files with 123 additions and 123 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
interface/resources/qml/hifi/dialogs/security/EntityScriptQMLWhitelist.qml
View file

@ -174,20 +174,20 @@ Rectangle {
HifiStylesUit.RalewayRegular {
id: descriptionText;
text:
"The whitelist checks scripts & QML as they are loaded.<br/>
Therefore, if a script is cached or has no reason to load again,<br/>
removing it from the whitelist will have no effect until<br/>
it is reloaded.<br/>
Separate your whitelisted domains by line, not commas. e.g.
<blockquote>
"The whitelist checks scripts and QML as they are loaded.<br/>
Therefore, if a script is cached or has no reason to load again,<br/>
removing it from the whitelist will have no effect until<br/>
it is reloaded.<br/>
Separate your whitelisted domains by line, not commas. e.g.
<blockquote>
<b>https://google.com/</b><br/>
<b>hifi://the-spot/</b><br/>
<b>127.0.0.1</b><br/>
<b>https://mydomain.here/</b>
</blockquote>
Ensure there are no spaces or whitespace.<br/><br/>
For QML files, you can only whitelist each file individually <br/>
ending with '.qml'."
</blockquote>
Ensure there are no spaces or whitespace.<br/><br/>
For QML files, you can only whitelist each file individually<br/>
ending with '.qml'."
// Text size
size: 16;
// Style

16
libraries/script-engine/src/ScriptEngine.cpp
View file

@ -2369,20 +2369,20 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
QList<QString> safeURLPrefixes = { "file:///", "atp:", "cache:" };
safeURLPrefixes += qEnvironmentVariable("EXTRA_WHITELIST").trimmed().split(QRegExp("\\s*,\\s*"), QString::SkipEmptyParts);
// ENTITY SCRIPT WHITELIST TOGGLE CHECK
// Entity Script Whitelist toggle check.
Setting::Handle<bool> whitelistEnabled {"private/whitelistEnabled", false };
if (!whitelistEnabled.get()) {
passList = true;
}
// PULL SAFEURLS FROM INTERFACE.JSON Settings
// Pull SAFEURLS from the Interface.JSON settings.
QVariant raw = Setting::Handle<QVariant>("private/settingsSafeURLS").get();
QStringList settingsSafeURLS = raw.toString().trimmed().split(QRegExp("\\s*[,\r\n]+\\s*"), QString::SkipEmptyParts);
safeURLPrefixes += settingsSafeURLS;
// END PULL SAFEURLS FROM INTERFACE.JSON Settings
// END Pull SAFEURLS from the Interface.JSON settings.
// GET CURRENT DOMAIN WHITELIST BYPASS, IN CASE AN ENTIRE DOMAIN IS WHITELISTED
// Get current domain whitelist bypass, in case an entire domain is whitelisted.
QString currentDomain = DependencyManager::get<AddressManager>()->getDomainURL().host();
QString domainSafeIP = nodeList->getDomainHandler().getHostname();
@ -2395,9 +2395,9 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
passList = true;
}
}
// END CURRENT DOMAIN WHITELIST BYPASS
// END bypass whitelist based on current domain.
// START CHECKING AGAINST THE WHITELIST
// Start processing scripts through the whitelist.
if (ScriptEngine::getContext() == "entity_server") { // If running on the server, do not engage whitelist.
passList = true;
} else if (!passList) { // If waved through, do not engage whitelist.
@ -2407,11 +2407,11 @@ void ScriptEngine::entityScriptContentAvailable(const EntityItemID& entityID, co
if (!str.isEmpty() && scriptOrURL.startsWith(str)) {
passList = true;
qCDebug(scriptengine) << whitelistPrefix << "Script approved.";
break; // bail early since we found a match
break; // Bail early since we found a match.
}
}
}
// END CHECKING AGAINST THE WHITELIST
// END processing of scripts through the whitelist.
if (!passList) { // If the entity failed to pass for any reason, it's blocked and an error is thrown.
qCDebug(scriptengine) << whitelistPrefix << "(disabled entity script)" << entityID.toString() << scriptOrURL;