[pbs-devel] [PATCH proxmox-backup 2/4] ui: show consent banner before login

Thomas Lamprecht t.lamprecht at proxmox.com
Wed May 22 17:21:10 CEST 2024


On 22/05/2024 at 15:19, Gabriel Goller wrote:
> Before showing the LoginView, check if we got a non-empty consent text
> from the template. If there is a non-empty text, display it in a modal.
> 
> Signed-off-by: Gabriel Goller <g.goller at proxmox.com>
> ---
>  www/LoginView.js | 9 +++++++++
>  www/index.hbs    | 1 +
>  2 files changed, 10 insertions(+)
> 
> diff --git a/www/LoginView.js b/www/LoginView.js
> index d4d8e73e..96f97da7 100644
> --- a/www/LoginView.js
> +++ b/www/LoginView.js
> @@ -20,6 +20,15 @@ Ext.define('PBS.LoginView', {
>      controller: {
>  	xclass: 'Ext.app.ViewController',
>  
> +	init: async function() {
> +	    if (Proxmox.consentText !== "") {
> +		Ext.create('Proxmox.window.ConsentModal', {
> +		    autoShow: true,
> +		    consent: Proxmox.consentText,
> +		});
> +	    }
> +	},
> +
>  	submitForm: async function() {
>  	    var me = this;
>  	    var loginForm = me.lookupReference('loginForm');
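
Review bot: In the new `init` handler, `Proxmox.consentText !== ""` is also true when the property is `undefined` or `null`, for instance if the page is rendered without the `consentText` entry that this patch adds to `www/index.hbs`, and the modal would then be created with no text to show. A truthiness check, `if (Proxmox.consentText) {`, covers the empty string and the missing value alike. `init` is also declared `async` although nothing in it is awaited, so the keyword can be dropped.
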
> diff --git a/www/index.hbs b/www/index.hbs
> index 824268e3..8a065a94 100644
> --- a/www/index.hbs
> +++ b/www/index.hbs
> @@ -38,6 +38,7 @@
>  	UserName: "{{ UserName }}",
>  	defaultLang: "{{ language }}",
>  	CSRFPreventionToken: "{{ CSRFPreventionToken }}",
> +	consentText: `{{ consentText }}`,

My knowledge about handlebars templates and our integration of them is a bit
rusty, but are we sure that the above does not allow code injection that can
alter the UI in some odd way? That is less of an issue for users, but it might
easily allow replacing our product trademarks and other barriers that ensure
that our product stays economically viable, without having to modify the code.

>      };
>      </script>
>      <script type="text/javascript" src="/widgettoolkit/proxmoxlib.js"></script>
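
Review bot: The added `consentText` line places the rendered value inside a JavaScript template literal, while the neighbouring fields use double-quoted strings, and HTML-style escaping of `{{ consentText }}` is not the right encoding for that context: a `${` sequence or a backslash in the configured text is still interpreted by the JavaScript parser. Suggest having the server emit the text in an already encoded form (a JSON string, or base64 that the client decodes) so that no character of the consent text is parsed as script, and noting next to the field which encoding the template expects.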
