[FIX] XSS and mobile phone folder picker disabled

kiwix · Nov 5, 2023 · a55d9d2 · a55d9d2
1 parent 5f8ce32
commit a55d9d2
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 7 deletions.
diff --git a/www/js/app.js b/www/js/app.js
@@ -1341,13 +1341,16 @@ let webKitFileList = null
  */
 function displayFileSelect () {
     const isFireFoxOsNativeFileApiAvailable = typeof navigator.getDeviceStorages === 'function';
+    let isPlatformMobilePhone = false;
+    if (/Android/i.test(navigator.userAgent)) isPlatformMobilePhone = true;
+    if (/iphone|ipad|ipod/i.test(navigator.userAgent) || navigator.platform === 'MacIntel' && navigator.maxTouchPoints > 1) isPlatformMobilePhone = true;
 
     console.debug(`File system api is ${params.isFileSystemApiSupported ? '' : 'not '}supported`);
     console.debug(`Webkit directory api ${params.isWebkitDirApiSupported ? '' : 'not '}supported`);
     console.debug(`Firefox os native file ${isFireFoxOsNativeFileApiAvailable ? '' : 'not '}support api`)
-
+    console.log('ASSSSS');
     document.getElementById('openLocalFiles').style.display = 'block';
-    if (params.isFileSystemApiSupported || params.isWebkitDirApiSupported) {
+    if ((params.isFileSystemApiSupported || params.isWebkitDirApiSupported) && !isPlatformMobilePhone) {
         document.getElementById('chooseArchiveFromLocalStorage').style.display = '';
         document.getElementById('folderSelect').style.display = '';
     }
@@ -1398,10 +1401,12 @@ function displayFileSelect () {
         document.getElementById('folderSelect').addEventListener('change', async function (e) {
             e.preventDefault();
             const filenames = [];
+
             const previousZimFile = []
-            const lastFilename = localStorage.getItem('previousZimFileName');
+            const lastFilename = localStorage.getItem('previousZimFileName') ?? '';
             const filenameWithoutExtension = lastFilename.replace(/\.zim\w\w$/i, '');
             const regex = new RegExp(`\\${filenameWithoutExtension}.zim\\w\\w$`, 'i');
+
             for (const file of e.target.files) {
                 filenames.push(file.name);
                 if (regex.test(file.name) || file.name === lastFilename) previousZimFile.push(file);

diff --git a/www/js/lib/abstractFilesystemAccess.js b/www/js/lib/abstractFilesystemAccess.js
@@ -104,17 +104,22 @@ async function updateZimDropdownOptions (files, selectedFile) {
     if (isFireFoxOsNativeFileApiAvailable) return // do nothing let other function handle it
 
     const select = document.getElementById('archiveList');
-    let options = '';
+    const options = [];
     let count = 0;
-    if (files.length !== 0) options += `<option value="" disabled>${translateUI.t('configure-select-file-first-option')}</option>`;
+    select.innerHTML = '';
+    if (files.length !== 0) {
+        const placeholderOption = new Option(translateUI.t('configure-select-file-first-option'), '');
+        placeholderOption.disabled = true;
+        select.appendChild(placeholderOption);
+    };
 
     files.forEach((fileName) => {
         if (fileName.endsWith('.zim') || fileName.endsWith('.zimaa')) {
-            options += `<option value="${fileName}">${fileName}</option>`;
+            options.push(new Option(fileName, fileName));
+            select.appendChild(new Option(fileName, fileName));
             count++;
         }
     });
-    select.innerHTML = options;
     document.getElementById('archiveList').value = selectedFile;
     document.getElementById('numberOfFilesCount').style.display = '';
     document.getElementById('fileCountDisplay').style.display = '';