source: apps/routerconsole/jsp/css.jsi @ b8437cd

Last change on this file since b8437cd was b8437cd, checked in by zzz <zzz@…>, 2 years ago

Console: Catch ISE in get/setAttribute() (ticket #1529)

  • Property mode set to 100644
File size: 3.4 KB
<%
   /*
    * Include this inside <head>...</head>: it emits the stylesheet links and
    * sets the charset and security response headers for the console page.
    *
    * It is included almost 30 times, so keep emitted whitespace to a minimum;
    * comments inside scriptlets are free, anything outside them is output.
    *
    * NOTE(review): presumably pulled in with a static include, in which case
    * i2pcontextId, conNonceParam and intl share scope with the including page -
    * confirm before renaming them or adding new locals here.
    */

   // Default the request encoding to UTF-8 when the client did not declare one.
   // http://www.crazysquirrel.com/computing/general/form-encoding.jspx
   if (request.getCharacterEncoding() == null) {
       request.setCharacterEncoding("UTF-8");
   }

   // Cache-busting headers stay disabled: most forms use POST now, and these
   // headers stop the back button from working after a form submit.
   // Just let the browser do its thing.
   //response.setHeader("Pragma", "no-cache");
   //response.setHeader("Cache-Control","no-cache");
   //response.setDateHeader("Expires", 0);

   // Those headers would fail if the servlet engine had already flushed the
   // response before this file is included, so the include belongs near the top.

   // The context id is taken from the request parameter when present and then
   // remembered in the session; otherwise the remembered value is reused.
   // The parameter is client-controlled and stored as-is.
   // NOTE(review): confirm CSSHelper treats it only as a lookup key.
   String i2pcontextId = request.getParameter("i2p.contextId");
   try {
       if (i2pcontextId == null) {
           i2pcontextId = (String) session.getAttribute("i2p.contextId");
       } else {
           session.setAttribute("i2p.contextId", i2pcontextId);
       }
   } catch (IllegalStateException ise) {
       // Deliberately ignored (ticket #1529): the session was already invalidated.
       // The page still renders with whatever the request parameter supplied.
   }
%>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<jsp:useBean class="net.i2p.router.web.CSSHelper" id="intl" scope="request" />
<jsp:setProperty name="intl" property="contextId" value="<%=i2pcontextId%>" />
<link rel="icon" href="<%=intl.getTheme(request.getHeader("User-Agent"))%>images/favicon.ico">
<%
   response.setHeader("Accept-Ranges", "none");

   // Clickjacking and content-injection hardening.
   // All four headers hang off the same switch, so disabling X-Frame-Options
   // also drops the CSP, the nosniff header and the XSS filter header.
   // NOTE(review): confirm that coupling is intended.
   if (intl.shouldSendXFrame()) {
      response.setHeader("X-Frame-Options", "SAMEORIGIN");
      // 'unsafe-inline' in script-src/style-src means this policy does not block
      // injected inline script or style; it only limits loads to the same origin.
      response.setHeader("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'");
      // Legacy header: current browsers ignore it, so it is not a defence on its own.
      response.setHeader("X-XSS-Protection", "1; mode=block");
      response.setHeader("X-Content-Type-Options", "nosniff");
   }
   // Sent unconditionally: "no-referrer" keeps console URLs out of the Referer
   // header on outbound requests.
   // https://www.w3.org/TR/referrer-policy/
   // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
   // As of Chrome 56, Firefox 50, Opera 43. "same-origin" not widely supported.
   response.setHeader("Referrer-Policy", "no-referrer");

   // lang and news are applied only when the request carries the console nonce
   // (presumably an anti-CSRF check on these state-changing parameters).
   // getNonce() is the receiver, so a missing parameter compares unequal
   // instead of throwing.
   // NOTE(review): String.equals is not a constant-time comparison; consider
   // java.security.MessageDigest.isEqual on the encoded bytes if the nonce
   // has to resist timing probes.
   String conNonceParam = request.getParameter("consoleNonce");
   if (net.i2p.router.web.CSSHelper.getNonce().equals(conNonceParam)) {
       intl.setLang(request.getParameter("lang"));
       intl.setNews(request.getParameter("news"));
   }

   // Every stylesheet href below is prefixed with intl.getTheme(User-Agent) and
   // written into the attribute without escaping in this file.
   // NOTE(review): verify getTheme() only returns fixed theme paths and never
   // reflects the User-Agent header.
%>
<link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">
<%
   if (intl.getLang().equals("zh")) {
       // Chinese: add the larger-font stylesheet
%>
<link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console_big.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">
<%
   } else if (intl.getLang().equals("ar")) {
       // Arabic: add the right-to-left stylesheet
%>
<link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>console_ar.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">
<%
   }
   // User agents for which allowIFrame() is false get the mobile viewport and stylesheet.
   if (!intl.allowIFrame(request.getHeader("User-Agent"))) {
%>
<meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" />
<link href="<%=intl.getTheme(request.getHeader("User-Agent"))%>mobile.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css">
<%
   }
%>
<!--[if IE]><link href="/themes/console/classic/ieshim.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" /><![endif]-->