[pve-devel] [PATCH novnc] fix #5639: prevent browser from trying to save novnc password
Dominik Csapak
d.csapak at proxmox.com
Tue Aug 27 15:15:12 CEST 2024
by not using the password input at all, but pass the password
to the connect function manually
this changes the first patch instead of adding another one, since
it only touches code from that.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
.../0001-add-PVE-specific-JS-code.patch | 37 +++++++------------
...002-add-custom-fbresize-event-on-rfb.patch | 6 +--
...nge-scaling-when-toggling-fullscreen.patch | 6 +--
...rectory-for-fetching-images-js-files.patch | 4 +-
.../0011-add-localCursor-setting-to-rfb.patch | 6 +--
.../0012-pass-custom-command-to-vnc.patch | 2 +-
...passing-deprecated-upgrade-parameter.patch | 2 +-
...-create-own-class-for-hidden-buttons.patch | 2 +-
...-button-on-isFullscreen-get-variable.patch | 2 +-
...ow-start-button-on-not-running-vm-ct.patch | 4 +-
.../patches/0019-show-clipboard-button.patch | 8 ++--
11 files changed, 33 insertions(+), 46 deletions(-)
diff --git a/debian/patches/0001-add-PVE-specific-JS-code.patch b/debian/patches/0001-add-PVE-specific-JS-code.patch
index 904adda..ca01d11 100644
--- a/debian/patches/0001-add-PVE-specific-JS-code.patch
+++ b/debian/patches/0001-add-PVE-specific-JS-code.patch
@@ -12,18 +12,18 @@ for `autoresizing`, `commandstoggle`, etc., get setup.
Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---
- app/pve.js | 427 +++++++++++++++++++++++++++++++++++++++++++++++++++++
- app/ui.js | 66 +++++++--
+ app/pve.js | 428 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ app/ui.js | 62 ++++++--
vnc.html | 10 +-
- 3 files changed, 489 insertions(+), 14 deletions(-)
+ 3 files changed, 485 insertions(+), 15 deletions(-)
create mode 100644 app/pve.js
diff --git a/app/pve.js b/app/pve.js
new file mode 100644
-index 0000000..e3c7758
+index 0000000..1a062ad
--- /dev/null
+++ b/app/pve.js
-@@ -0,0 +1,427 @@
+@@ -0,0 +1,428 @@
+/*
+ * PVE Utility functions for noVNC
+ * Copyright (C) 2017 Proxmox GmbH
@@ -392,10 +392,11 @@ index 0000000..e3c7758
+ vncticket: result.data.ticket
+ });
+
-+ document.getElementById('noVNC_password_input').value = result.data.ticket;
++ let password = result.data.ticket;
++ me.UI.reconnectPassword = password;
+ me.UI.forceSetting('path', 'api2/json' + me.baseUrl + '/vncwebsocket' + "?" + wsparams);
+
-+ callback();
++ callback(password);
+ },
+ failure: function(msg) {
+ me.UI.showStatus(msg, 'error');
@@ -452,7 +453,7 @@ index 0000000..e3c7758
+ },
+};
diff --git a/app/ui.js b/app/ui.js
-index c1f6776..5ebb134 100644
+index c1f6776..c86f36c 100644
--- a/app/ui.js
+++ b/app/ui.js
@@ -17,6 +17,7 @@ import keysyms from "../core/input/keysymdef.js";
@@ -495,13 +496,14 @@ index c1f6776..5ebb134 100644
- let autoconnect = WebUtil.getConfigVar('autoconnect', false);
- if (autoconnect === 'true' || autoconnect == '1') {
- autoconnect = true;
-+ UI.PVE.pveStart(function() {
- UI.connect();
+- UI.connect();
- } else {
- autoconnect = false;
- // Show the connect panel on first load unless autoconnecting
- UI.openConnectPanel();
- }
++ UI.PVE.pveStart(function(password) {
++ UI.connect(undefined, password);
+ });
return Promise.resolve(UI.rfb);
@@ -558,20 +560,7 @@ index c1f6776..5ebb134 100644
},
/* ------^-------
-@@ -1015,6 +1028,12 @@ const UI = {
- UI.reconnectPassword = password;
- }
-
-+ var password = document.getElementById('noVNC_password_input').value;
-+
-+ if (!password) {
-+ password = WebUtil.getConfigVar('password');
-+ }
-+
- if (password === null) {
- password = undefined;
- }
-@@ -1689,9 +1708,36 @@ const UI = {
+@@ -1689,9 +1702,36 @@ const UI = {
/* ------^-------
* /EXTRA KEYS
* ==============
diff --git a/debian/patches/0002-add-custom-fbresize-event-on-rfb.patch b/debian/patches/0002-add-custom-fbresize-event-on-rfb.patch
index decde9d..1991bd6 100644
--- a/debian/patches/0002-add-custom-fbresize-event-on-rfb.patch
+++ b/debian/patches/0002-add-custom-fbresize-event-on-rfb.patch
@@ -13,10 +13,10 @@ Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
2 files changed, 21 insertions(+)
diff --git a/app/ui.js b/app/ui.js
-index 5ebb134..60f4c00 100644
+index c86f36c..5beef1e 100644
--- a/app/ui.js
+++ b/app/ui.js
-@@ -1074,6 +1074,7 @@ const UI = {
+@@ -1068,6 +1068,7 @@ const UI = {
UI.rfb.addEventListener("clipboard", UI.clipboardReceive);
UI.rfb.addEventListener("bell", UI.bell);
UI.rfb.addEventListener("desktopname", UI.updateDesktopName);
@@ -24,7 +24,7 @@ index 5ebb134..60f4c00 100644
UI.rfb.clipViewport = UI.getSetting('view_clip');
UI.rfb.scaleViewport = UI.getSetting('resize') === 'scale';
UI.rfb.resizeSession = UI.getSetting('resize') === 'remote';
-@@ -1733,6 +1734,16 @@ const UI = {
+@@ -1727,6 +1728,16 @@ const UI = {
document.getElementById('pve_commands_button').classList.remove("noVNC_selected");
},
diff --git a/debian/patches/0003-change-scaling-when-toggling-fullscreen.patch b/debian/patches/0003-change-scaling-when-toggling-fullscreen.patch
index 38a35aa..e80835a 100644
--- a/debian/patches/0003-change-scaling-when-toggling-fullscreen.patch
+++ b/debian/patches/0003-change-scaling-when-toggling-fullscreen.patch
@@ -12,10 +12,10 @@ Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
1 file changed, 11 insertions(+)
diff --git a/app/ui.js b/app/ui.js
-index 60f4c00..235b049 100644
+index 5beef1e..1e64f20 100644
--- a/app/ui.js
+++ b/app/ui.js
-@@ -1292,6 +1292,13 @@ const UI = {
+@@ -1286,6 +1286,13 @@ const UI = {
} else if (document.msExitFullscreen) {
document.msExitFullscreen();
}
@@ -29,7 +29,7 @@ index 60f4c00..235b049 100644
} else {
if (document.documentElement.requestFullscreen) {
document.documentElement.requestFullscreen();
-@@ -1302,7 +1309,11 @@ const UI = {
+@@ -1296,7 +1303,11 @@ const UI = {
} else if (document.body.msRequestFullscreen) {
document.body.msRequestFullscreen();
}
diff --git a/debian/patches/0006-change-source-directory-for-fetching-images-js-files.patch b/debian/patches/0006-change-source-directory-for-fetching-images-js-files.patch
index bdbfd80..e4ede34 100644
--- a/debian/patches/0006-change-source-directory-for-fetching-images-js-files.patch
+++ b/debian/patches/0006-change-source-directory-for-fetching-images-js-files.patch
@@ -13,7 +13,7 @@ Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
2 files changed, 29 insertions(+), 29 deletions(-)
diff --git a/app/ui.js b/app/ui.js
-index 235b049..1d52a5a 100644
+index 1e64f20..1345cc5 100644
--- a/app/ui.js
+++ b/app/ui.js
@@ -73,7 +73,7 @@ const UI = {
@@ -25,7 +25,7 @@ index 235b049..1d52a5a 100644
.then((response) => {
if (!response.ok) {
throw Error("" + response.status + " " + response.statusText);
-@@ -1835,7 +1835,7 @@ l10n.setup(LINGUAS);
+@@ -1829,7 +1829,7 @@ l10n.setup(LINGUAS);
if (l10n.language === "en" || l10n.dictionary !== undefined) {
UI.prime();
} else {
diff --git a/debian/patches/0011-add-localCursor-setting-to-rfb.patch b/debian/patches/0011-add-localCursor-setting-to-rfb.patch
index ba9ba48..ac0ebc5 100644
--- a/debian/patches/0011-add-localCursor-setting-to-rfb.patch
+++ b/debian/patches/0011-add-localCursor-setting-to-rfb.patch
@@ -15,7 +15,7 @@ Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
4 files changed, 37 insertions(+), 1 deletion(-)
diff --git a/app/ui.js b/app/ui.js
-index 1d52a5a..02004c3 100644
+index 1345cc5..b2744bb 100644
--- a/app/ui.js
+++ b/app/ui.js
@@ -180,6 +180,7 @@ const UI = {
@@ -35,7 +35,7 @@ index 1d52a5a..02004c3 100644
UI.addSettingChangeHandler('host');
UI.addSettingChangeHandler('port');
UI.addSettingChangeHandler('path');
-@@ -1076,6 +1079,7 @@ const UI = {
+@@ -1070,6 +1073,7 @@ const UI = {
UI.rfb.addEventListener("desktopname", UI.updateDesktopName);
UI.rfb.addEventListener("fbresize", UI.updateSessionSize);
UI.rfb.clipViewport = UI.getSetting('view_clip');
@@ -43,7 +43,7 @@ index 1d52a5a..02004c3 100644
UI.rfb.scaleViewport = UI.getSetting('resize') === 'scale';
UI.rfb.resizeSession = UI.getSetting('resize') === 'remote';
UI.rfb.qualityLevel = parseInt(UI.getSetting('quality'));
-@@ -1760,6 +1764,12 @@ const UI = {
+@@ -1754,6 +1758,12 @@ const UI = {
* ==============
* MISC
* ------v------*/
diff --git a/debian/patches/0012-pass-custom-command-to-vnc.patch b/debian/patches/0012-pass-custom-command-to-vnc.patch
index 7c993e9..a0989d2 100644
--- a/debian/patches/0012-pass-custom-command-to-vnc.patch
+++ b/debian/patches/0012-pass-custom-command-to-vnc.patch
@@ -10,7 +10,7 @@ Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
1 file changed, 7 insertions(+)
diff --git a/app/pve.js b/app/pve.js
-index e3c7758..446b85d 100644
+index 1a062ad..8ce258c 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -11,6 +11,7 @@ export default function PVEUI(UI){
diff --git a/debian/patches/0014-avoid-passing-deprecated-upgrade-parameter.patch b/debian/patches/0014-avoid-passing-deprecated-upgrade-parameter.patch
index 7758e4a..d9dc07d 100644
--- a/debian/patches/0014-avoid-passing-deprecated-upgrade-parameter.patch
+++ b/debian/patches/0014-avoid-passing-deprecated-upgrade-parameter.patch
@@ -9,7 +9,7 @@ Signed-off-by: Fabian Ebner <f.ebner at proxmox.com>
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/pve.js b/app/pve.js
-index 446b85d..dfff1b0 100644
+index 8ce258c..873c7b5 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -45,7 +45,7 @@ export default function PVEUI(UI){
diff --git a/debian/patches/0015-create-own-class-for-hidden-buttons.patch b/debian/patches/0015-create-own-class-for-hidden-buttons.patch
index 5b78e1e..333c074 100644
--- a/debian/patches/0015-create-own-class-for-hidden-buttons.patch
+++ b/debian/patches/0015-create-own-class-for-hidden-buttons.patch
@@ -13,7 +13,7 @@ Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/app/pve.js b/app/pve.js
-index dfff1b0..4774e3a 100644
+index 873c7b5..f87f01b 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -302,15 +302,15 @@ PVEUI.prototype = {
diff --git a/debian/patches/0016-hide-fullscreen-button-on-isFullscreen-get-variable.patch b/debian/patches/0016-hide-fullscreen-button-on-isFullscreen-get-variable.patch
index bb4dc78..27d745e 100644
--- a/debian/patches/0016-hide-fullscreen-button-on-isFullscreen-get-variable.patch
+++ b/debian/patches/0016-hide-fullscreen-button-on-isFullscreen-get-variable.patch
@@ -13,7 +13,7 @@ Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
1 file changed, 7 insertions(+)
diff --git a/app/pve.js b/app/pve.js
-index 4774e3a..583a406 100644
+index f87f01b..368f23a 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -12,6 +12,7 @@ export default function PVEUI(UI){
diff --git a/debian/patches/0018-show-start-button-on-not-running-vm-ct.patch b/debian/patches/0018-show-start-button-on-not-running-vm-ct.patch
index 4d7e407..34c0090 100644
--- a/debian/patches/0018-show-start-button-on-not-running-vm-ct.patch
+++ b/debian/patches/0018-show-start-button-on-not-running-vm-ct.patch
@@ -19,7 +19,7 @@ Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
3 files changed, 107 insertions(+), 5 deletions(-)
diff --git a/app/pve.js b/app/pve.js
-index 583a406..287615f 100644
+index 368f23a..d7fbdd3 100644
--- a/app/pve.js
+++ b/app/pve.js
@@ -117,7 +117,7 @@ PVEUI.prototype = {
@@ -72,7 +72,7 @@ index 583a406..287615f 100644
me.API2Request({
url: me.url,
method: 'POST',
-@@ -391,6 +396,36 @@ PVEUI.prototype = {
+@@ -392,6 +397,36 @@ PVEUI.prototype = {
});
},
diff --git a/debian/patches/0019-show-clipboard-button.patch b/debian/patches/0019-show-clipboard-button.patch
index b87229e..f7db533 100644
--- a/debian/patches/0019-show-clipboard-button.patch
+++ b/debian/patches/0019-show-clipboard-button.patch
@@ -6,15 +6,16 @@ Subject: [PATCH] show clipboard button
show button when clipboard at status/current is true
Signed-off-by: Markus Frank <m.frank at proxmox.com>
+Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
app/pve.js | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/app/pve.js b/app/pve.js
-index 287615f..1b98f20 100644
+index d7fbdd3..6e69fb6 100644
--- a/app/pve.js
+++ b/app/pve.js
-@@ -411,6 +411,10 @@ PVEUI.prototype = {
+@@ -412,6 +412,10 @@ PVEUI.prototype = {
document.getElementById('pve_start_dlg')
.classList.add("noVNC_open");
}
@@ -25,6 +26,3 @@ index 287615f..1b98f20 100644
},
failure: function(msg, code) {
if (code === 403) {
---
-2.39.2
-
--
2.39.2
More information about the pve-devel
mailing list