Bug 1472606 - Enable self-xss protection on CodeMirror JsTerm; r=Honza.
authorNicolas Chevobbe <nchevobbe@mozilla.com>
Mon, 02 Jul 2018 08:40:46 +0200
changeset 815178 a4c3f565ace1fed088a4571031b8ffb315fb8475
parent 815177 8a5c225c9937574ce0e00ed0f3d3d3796ee4ba47
child 815179 bb94d7f91e67a64ceb45641343d455781162a650
push id115462
push userbmo:mreschenberg@berkeley.edu
push dateFri, 06 Jul 2018 22:06:52 +0000
reviewersHonza
bugs1472606
milestone63.0a1
Bug 1472606 - Enable self-xss protection on CodeMirror JsTerm; r=Honza. Event handlers needed to be added to the codeMirror editor in order to enable the self-XSS protection that we have on the console. MozReview-Commit-ID: IIMhhUb5Qj1
devtools/client/webconsole/components/App.js
devtools/client/webconsole/components/JSTerm.js
--- a/devtools/client/webconsole/components/App.js
+++ b/devtools/client/webconsole/components/App.js
@@ -74,48 +74,47 @@ class App extends Component {
     event.preventDefault();
     event.stopPropagation();
 
     // Bail out if self-xss notification is already there.
     if (getNotificationWithValue(notifications, "selfxss-notification")) {
       return;
     }
 
-    const inputField = this.node.querySelector(".jsterm-input-node");
+    const input = event.target;
 
     // Cleanup function if notification is closed by the user.
     const removeCallback = (eventType) => {
       if (eventType == "removed") {
-        inputField.removeEventListener("keyup", pasteKeyUpHandler);
+        input.removeEventListener("keyup", pasteKeyUpHandler);
         dispatch(actions.removeNotification("selfxss-notification"));
       }
     };
 
     // Create self-xss notification
     dispatch(actions.appendNotification(
       SELF_XSS_MSG,
       "selfxss-notification",
       null,
       PriorityLevels.PRIORITY_WARNING_HIGH,
       null,
       removeCallback
     ));
 
-    // Remove notification automatically when the user
-    // types "allow pasting".
-    function pasteKeyUpHandler() {
-      const value = inputField.value || inputField.textContent;
+    // Remove notification automatically when the user types "allow pasting".
+    const pasteKeyUpHandler = (e) => {
+      const value = e.target.value;
       if (value.includes(SELF_XSS_OK)) {
         dispatch(actions.removeNotification("selfxss-notification"));
-        inputField.removeEventListener("keyup", pasteKeyUpHandler);
+        input.removeEventListener("keyup", pasteKeyUpHandler);
         WebConsoleUtils.usageCount = WebConsoleUtils.CONSOLE_ENTRY_THRESHOLD;
       }
-    }
+    };
 
-    inputField.addEventListener("keyup", pasteKeyUpHandler);
+    input.addEventListener("keyup", pasteKeyUpHandler);
   }
 
   // Rendering
 
   render() {
     const {
       attachRefToHud,
       hud,
--- a/devtools/client/webconsole/components/JSTerm.js
+++ b/devtools/client/webconsole/components/JSTerm.js
@@ -272,17 +272,21 @@ class JSTerm extends Component {
                 return null;
               }
 
               this.clearCompletion();
               return "CodeMirror.Pass";
             }
           }
         });
+
         this.editor.appendToLocalElement(this.node);
+        const cm = this.editor.codeMirror;
+        cm.on("paste", (_, event) => this.props.onPaste(event));
+        cm.on("drop", (_, event) => this.props.onPaste(event));
       }
     } else if (this.inputNode) {
       this.inputNode.addEventListener("keypress", this._keyPress);
       this.inputNode.addEventListener("input", this._inputEventHandler);
       this.inputNode.addEventListener("keyup", this._inputEventHandler);
       this.inputNode.addEventListener("focus", this._focusEventHandler);
       this.focus();
     }