web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Hide the crypto keys from the hash

Browse Source
This commit is contained in:
yflory 2020-01-27 12:18:25 +01:00
parent e3f5c89333
commit 0ad96e0966
8 changed files with 251 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
www/common/common-hash.js
View File

@ -60,6 +60,18 @@ var factory = function (Util, Crypto, Nacl) {
return '/2/' + secret.type + '/view/' + Crypto.b64RemoveSlashes(data.viewKeyStr) + '/' + pass;
}
};
Hash.getHiddenHashFromKeys = function (type, secret, opts) {
var mode = (secret.keys && secret.keys.editKeyStr) ? 'edit' : 'view';
var pass = secret.password ? 'p/' : '';
var hash = '/2/' + secret.type + '/' + mode + '/' + secret.channel + '/' + pass;
var href = '/' + type + '/#' + hash;
var parsed = Hash.parsePadUrl(href);
if (parsed.hashData && parsed.hashData.getHash) {
return parsed.hashData.getHash(opts || {});
}
return hash;
};
var getFileHashFromKeys = Hash.getFileHashFromKeys = function (secret) {
var version = secret.version;
var data = secret.keys;
@ -192,6 +204,13 @@ Version 1
if (opts.present) { hash += 'present/'; }
return hash;
};
parsed.getOptions = function () {
return {
embed: parsed.embed,
present: parsed.present,
ownerKey: parsed.ownerKey
};
};
return parsed;
}
if (hashArr[1] && hashArr[1] === '2') { // Version 2
@ -221,6 +240,13 @@ Version 1
if (opts.present) { hash += 'present/'; }
return hash;
};
parsed.getOptions = function () {
return {
embed: parsed.embed,
present: parsed.present,
ownerKey: parsed.ownerKey
};
};
return parsed;
}
return parsed;
@ -256,6 +282,13 @@ Version 1
if (opts.present) { hash += 'present/'; }
return hash;
};
parsed.getOptions = function () {
return {
embed: parsed.embed,
present: parsed.present,
ownerKey: parsed.ownerKey
};
};
return parsed;
}
return parsed;
@ -309,6 +342,10 @@ Version 1
url += '#' + hash;
return url;
};
ret.getOptions = function () {
if (!ret.hashData || !ret.hashData.getOptions) { return {}; }
return ret.hashData.getOptions();
};
if (!/^https*:\/\//.test(href)) {
idx = href.indexOf('/#');
@ -497,8 +534,9 @@ Version 1
if (typeof(parsed.hashData.version) === "undefined") { return; }
// pads and files should have a base64 (or hex) key
if (parsed.hashData.type === 'pad' || parsed.hashData.type === 'file') {
if (!parsed.hashData.key) { return; }
if (!/^[a-zA-Z0-9+-/=]+$/.test(parsed.hashData.key)) { return; }
if (!parsed.hashData.key && !parsed.hashData.channel) { return; }
if (parsed.hashData.key && !/^[a-zA-Z0-9+-/=]+$/.test(parsed.hashData.key)) { return; }
if (parsed.hashData.channel && !/^[a-f0-9]{32,34}$/.test(parsed.hashData.channel)) { return; }
}
}
return true;

40
www/common/cryptpad-common.js
View File

@ -49,6 +49,12 @@ define([
account: {},
};
// Store the href in memory
// This is a placeholder value overriden in common.ready from sframe-common-outer
var currentPad = {
href: window.location.href
};
// COMMON
common.getLanguage = function () {
return Messages._languageUsed;
@ -374,7 +380,7 @@ define([
common.getMetadata = function (cb) {
var parsed = Hash.parsePadUrl(window.location.href);
var parsed = Hash.parsePadUrl(currentPad.href);
postMessage("GET_METADATA", parsed && parsed.type, function (obj) {
if (obj && obj.error) { return void cb(obj.error); }
cb(null, obj);
@ -394,7 +400,7 @@ define([
common.setPadAttribute = function (attr, value, cb, href) {
cb = cb || function () {};
href = Hash.getRelativeHref(href || window.location.href);
href = Hash.getRelativeHref(href || currentPad.href);
postMessage("SET_PAD_ATTRIBUTE", {
href: href,
attr: attr,
@ -405,7 +411,7 @@ define([
});
};
common.getPadAttribute = function (attr, cb, href) {
href = Hash.getRelativeHref(href || window.location.href);
href = Hash.getRelativeHref(href || currentPad.href);
if (!href) {
return void cb('E404');
}
@ -505,7 +511,7 @@ define([
};
common.saveAsTemplate = function (Cryptput, data, cb) {
var p = Hash.parsePadUrl(window.location.href);
var p = Hash.parsePadUrl(currentPad.href);
if (!p.type) { return; }
// PPP: password for the new template?
var hash = Hash.createRandomHash(p.type);
@ -543,7 +549,7 @@ define([
var href = data.href;
var parsed = Hash.parsePadUrl(href);
var parsed2 = Hash.parsePadUrl(window.location.href);
var parsed2 = Hash.parsePadUrl(currentPad.href);
if(!parsed) { throw new Error("Cannot get template hash"); }
postMessage("INCREMENT_TEMPLATE_USE", href);
@ -601,7 +607,7 @@ define([
var fileHost = Config.fileHost || window.location.origin;
var data = common.fromFileData;
var parsed = Hash.parsePadUrl(data.href);
var parsed2 = Hash.parsePadUrl(window.location.href);
var parsed2 = Hash.parsePadUrl(currentPad.href);
var hash = parsed.hash;
var name = data.title;
var secret = Hash.getSecrets('file', hash, data.password);
@ -660,7 +666,7 @@ define([
// Forget button
common.moveToTrash = function (cb, href) {
href = href || window.location.href;
href = href || currentPad.href;
postMessage("MOVE_TO_TRASH", { href: href }, cb);
};
@ -668,7 +674,7 @@ define([
common.setPadTitle = function (data, cb) {
if (!data || typeof (data) !== "object") { return cb ('Data is not an object'); }
var href = data.href || window.location.href;
var href = data.href || currentPad.href;
var parsed = Hash.parsePadUrl(href);
if (!parsed.hash) { return cb ('Invalid hash'); }
data.href = parsed.getUrl({present: parsed.present});
@ -698,7 +704,7 @@ define([
if (obj.error !== "EAUTH") { console.log("unable to set pad title"); }
return void cb(obj.error);
}
cb();
cb(null, obj);
});
};
@ -755,6 +761,13 @@ define([
cb(void 0, data);
});
};
// Get data about a given channel: use with hidden hashes
common.getPadDataFromChannel = function (obj, cb) {
if (!obj || !obj.channel || !obj.edit) { return void cb('EINVAL'); }
postMessage("GET_PAD_DATA_FROM_CHANNEL", obj, function (data) {
cb(void 0, data);
});
};
// Admin
@ -1608,7 +1621,7 @@ define([
hashes = Hash.getHashes(secret);
return void cb(null, hashes);
}
var parsed = Hash.parsePadUrl(window.location.href);
var parsed = Hash.parsePadUrl(currentPad.href);
if (!parsed.type || !parsed.hashData) { return void cb('E_INVALID_HREF'); }
hashes = Hash.getHashes(secret);
@ -1679,7 +1692,7 @@ define([
LocalStore.logout();
// redirect them to log in, and come back when they're done.
sessionStorage.redirectTo = window.location.href;
sessionStorage.redirectTo = currentPad.href;
window.location.href = '/login/';
};
@ -1780,6 +1793,11 @@ define([
return function (f, rdyCfg) {
rdyCfg = rdyCfg || {};
if (rdyCfg.currentPad) {
currentPad = rdyCfg.currentPad;
}
if (initialized) {
return void setTimeout(function () { f(void 0, env); });
}

10
www/common/onlyoffice/main.js
View File

@ -9,6 +9,7 @@ define([
var requireConfig = RequireConfig();
// Loaded in load #2
var hash, href;
nThen(function (waitFor) {
DomReady.onReady(waitFor());
}).nThen(function (waitFor) {
@ -19,6 +20,13 @@ define([
};
window.rc = requireConfig;
window.apiconf = ApiConfig;
// Hidden hash
hash = window.location.hash;
href = window.location.href;
if (window.history && window.history.replaceState) {
window.history.replaceState({}, window.document.title, '#');
}
document.getElementById('sbox-iframe').setAttribute('src',
ApiConfig.httpSafeOrigin + window.location.pathname + 'inner.html?' +
requireConfig.urlArgs + '#' + encodeURIComponent(JSON.stringify(req)));
@ -144,6 +152,8 @@ define([
});
};
SFCommonO.start({
hash: hash,
href: href,
type: 'oo',
useCreationScreen: true,
addData: addData,

39
www/common/outer/async-store.js
View File

@ -1016,8 +1016,12 @@ define([
if (title.trim() === "") { title = UserObject.getDefaultName(p); }
if (AppConfig.disableAnonymousStore && !store.loggedIn) { return void cb(); }
if (p.type === "debug") { return void cb(); }
if (AppConfig.disableAnonymousStore && !store.loggedIn) {
return void cb({ notStored: true });
}
if (p.type === "debug") {
return void cb({ notStored: true });
}
var channelData = Store.channels && Store.channels[channel];
@ -1108,7 +1112,7 @@ define([
postMessage(clientId, "AUTOSTORE_DISPLAY_POPUP", {
autoStore: autoStore
});
return void cb();
return void cb({ notStored: true });
} else {
var roHref;
if (h.mode === "view") {
@ -1187,7 +1191,9 @@ define([
});
cb(list);
};
// Get the first pad we can find in any of our managers and return its file data
// Get the first pad we can find in any of our drives and return its file data
// NOTE: This is currently only used for template: this won't search inside shared folders
Store.getPadData = function (clientId, id, cb) {
var res = {};
getAllStores().some(function (s) {
@ -1199,6 +1205,31 @@ define([
cb(res);
};
Store.getPadDataFromChannel = function (clientId, obj, cb) {
var channel = obj.channel;
var edit = obj.edit;
var res;
var viewRes;
getAllStores().some(function (s) {
var chans = s.manager.findChannel(channel);
if (!Array.isArray(chans)) { return; }
return chans.some(function (pad) {
if (!pad || !pad.data) { return; }
var data = pad.data;
// We've found a match: return the value and stop the loops
if ((edit && data.href) || (!edit && data.roHref)) {
res = data;
return true;
}
// We've found a weaker match: store it for now
if (edit && !viewRes && data.roHref) {
viewRes = data;
}
});
});
// Call back with the best value we can get
cb(res || viewRes || {});
};
// Messaging (manage friends from the userlist)
Store.answerFriendRequest = function (clientId, obj, cb) {

1
www/common/outer/store-rpc.js
View File

@ -50,6 +50,7 @@ define([
GET_TEMPLATES: Store.getTemplates,
GET_SECURE_FILES_LIST: Store.getSecureFilesList,
GET_PAD_DATA: Store.getPadData,
GET_PAD_DATA_FROM_CHANNEL: Store.getPadDataFromChannel,
GET_STRONGER_HASH: Store.getStrongerHash,
INCREMENT_TEMPLATE_USE: Store.incrementTemplateUse,
GET_SHARED_FOLDER: Store.getSharedFolder,

11
www/common/sframe-app-outer.js
View File

@ -8,6 +8,7 @@ define([
], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) {
var requireConfig = RequireConfig();
var hash, href;
nThen(function (waitFor) {
DomReady.onReady(waitFor());
}).nThen(function (waitFor) {
@ -18,6 +19,14 @@ define([
};
window.rc = requireConfig;
window.apiconf = ApiConfig;
// Hidden hash
hash = window.location.hash;
href = window.location.href;
if (window.history && window.history.replaceState) {
window.history.replaceState({}, window.document.title, '#');
}
document.getElementById('sbox-iframe').setAttribute('src',
ApiConfig.httpSafeOrigin + window.location.pathname + 'inner.html?' +
requireConfig.urlArgs + '#' + encodeURIComponent(JSON.stringify(req)));
@ -36,6 +45,8 @@ define([
window.addEventListener('message', onMsg);
}).nThen(function (/*waitFor*/) {
SFCommonO.start({
hash: hash,
href: href,
useCreationScreen: true,
messaging: true
});

143
www/common/sframe-common-outer.js
View File

@ -30,6 +30,11 @@ define([
var password;
var initialPathInDrive;
var currentPad = {
href: cfg.href || window.location.href,
hash: cfg.hash || window.location.hash
};
nThen(function (waitFor) {
// Load #2, the loading screen is up so grab whatever you need...
require([
@ -134,11 +139,12 @@ define([
});
}
}), {
driveEvents: cfg.driveEvents
driveEvents: cfg.driveEvents,
currentPad: currentPad
});
}));
}).nThen(function (waitFor) {
if (!Utils.Hash.isValidHref(window.location.href)) {
if (!Utils.Hash.isValidHref(currentPad.href)) {
waitFor.abort();
return void sframeChan.event('EV_LOADING_ERROR', 'INVALID_HASH');
}
@ -171,11 +177,12 @@ define([
});
}));
} else {
var parsed = Utils.Hash.parsePadUrl(window.location.href);
var parsed = Utils.Hash.parsePadUrl(currentPad.href);
var todo = function () {
secret = Utils.secret = Utils.Hash.getSecrets(parsed.type, void 0, password);
secret = Utils.secret = Utils.Hash.getSecrets(parsed.type, parsed.hash, password);
Cryptpad.getShareHashes(secret, waitFor(function (err, h) {
hashes = h;
/* XXX this won't happen again: we don't need to update the rendered hash
if (password && !parsed.hashData.password) {
var ohc = window.onhashchange;
window.onhashchange = function () {};
@ -183,6 +190,7 @@ define([
window.onhashchange = ohc;
ohc({reset: true});
}
*/
}));
};
@ -241,13 +249,13 @@ define([
if (parsed.type === "file") {
// `isNewChannel` doesn't work for files (not a channel)
// `getFileSize` is not adapted to channels because of metadata
Cryptpad.getFileSize(window.location.href, password, function (e, size) {
Cryptpad.getFileSize(currentPad.href, password, function (e, size) {
next(e, size === 0);
});
return;
}
// Not a file, so we can use `isNewChannel`
Cryptpad.isNewChannel(window.location.href, password, next);
Cryptpad.isNewChannel(currentPad.href, password, next);
});
sframeChan.event("EV_PAD_PASSWORD", cfg);
};
@ -257,7 +265,60 @@ define([
var passwordCfg = {
value: ''
};
// Hidden hash: can't find the channel in our drives: abort
var noPadData = function (err) {
console.error(err);
// XXX Display error screen in inner
};
// Hidden hash: can't find requestd edit URL in our drives: ask
var badPadData = function (cb) {
// If we requested edit but we only know view: ???
setTimeout(function () {
cb(true);
}); // XXX ask in inner?
};
var newHref;
nThen(function (w) {
if (!parsed.hashData.key && parsed.hashData.channel) {
Cryptpad.getPadDataFromChannel({
channel: parsed.hashData.channel,
edit: parsed.hashData.mode === 'edit'
}, w(function (err, res) {
// Error while getting data? abort
if (err || !res || res.error) {
w.abort();
return void noPadData(err || (!res ? 'EINVAL' : res.error));
}
// No data found? abort
if (!Object.keys(res).length) {
w.abort();
return void noPadData('NO_RESULT');
}
// Data found but weaker? warn
if (parsed.hashData.mode === 'edit' && !res.href) {
return void badPadData(w(function (load) {
if (!load) {
w.abort();
return;
}
newHref = res.roHref;
}));
}
// We have good data, keep the hash in memory
newHref = res.href;
}));
}
}).nThen(function (w) {
if (newHref) {
// Get the options (embed, present, etc.) of the hidden hash
// Use the same options in the full hash
var opts = parsed.getOptions();
parsed = Utils.Hash.parsePadUrl(newHref);
currentPad.href = parsed.getUrl(opts);
currentPad.hash = parsed.hashData && parsed.hashData.getHash(opts);
}
Cryptpad.getPadAttribute('title', w(function (err, data) {
stored = (!err && typeof (data) === "string");
}));
@ -273,7 +334,7 @@ define([
if (parsed.type === "file") {
// `isNewChannel` doesn't work for files (not a channel)
// `getFileSize` is not adapted to channels because of metadata
Cryptpad.getFileSize(window.location.href, password, w(function (e, size) {
Cryptpad.getFileSize(currentPad.href, password, w(function (e, size) {
if (size !== 0) { return void todo(); }
// Wrong password or deleted file?
askPassword(true, passwordCfg);
@ -281,7 +342,7 @@ define([
return;
}
// Not a file, so we can use `isNewChannel`
Cryptpad.isNewChannel(window.location.href, password, w(function(e, isNew) {
Cryptpad.isNewChannel(currentPad.href, password, w(function(e, isNew) {
if (!isNew) { return void todo(); }
if (parsed.hashData.mode === 'view' && (password || !parsed.hashData.password)) {
// Error, wrong password stored, the view seed has changed with the password
@ -305,10 +366,12 @@ define([
}
}).nThen(function (waitFor) {
// Check if the pad exists on server
if (!window.location.hash) { isNewFile = true; return; }
if (!currentPad.hash) { isNewFile = true; return; }
if (realtime) {
Cryptpad.isNewChannel(window.location.href, password, waitFor(function (e, isNew) {
// TODO we probably don't need to check again for password-protected pads
// (we use isNewChannel to test the password...)
Cryptpad.isNewChannel(currentPad.href, password, waitFor(function (e, isNew) {
if (e) { return console.error(e); }
isNewFile = Boolean(isNew);
}));
@ -322,7 +385,7 @@ define([
readOnly = false;
}
Utils.crypto = Utils.Crypto.createEncryptor(Utils.secret.keys);
var parsed = Utils.Hash.parsePadUrl(window.location.href);
var parsed = Utils.Hash.parsePadUrl(currentPad.href);
var burnAfterReading = parsed && parsed.hashData && parsed.hashData.ownerKey;
if (!parsed.type) { throw new Error(); }
var defaultTitle = Utils.UserObject.getDefaultName(parsed);
@ -342,7 +405,7 @@ define([
notifications = metaObj.user.notifications;
}));
if (typeof(isTemplate) === "undefined") {
Cryptpad.isTemplate(window.location.href, waitFor(function (err, t) {
Cryptpad.isTemplate(currentPad.href, waitFor(function (err, t) {
if (err) { console.log(err); }
isTemplate = t;
}));
@ -368,7 +431,7 @@ define([
upgradeURL: Cryptpad.upgradeURL
},
isNewFile: isNewFile,
isDeleted: isNewFile && window.location.hash.length > 0,
isDeleted: isNewFile && currentPad.hash.length > 0,
forceCreationScreen: forceCreationScreen,
password: password,
channel: secret.channel,
@ -487,7 +550,7 @@ define([
});
sframeChan.on('Q_SET_LOGIN_REDIRECT', function (data, cb) {
sessionStorage.redirectTo = window.location.href;
sessionStorage.redirectTo = currentPad.href;
cb();
});
@ -570,7 +633,16 @@ define([
channel: secret.channel,
path: initialPathInDrive // Where to store the pad if we don't have it in our drive
};
Cryptpad.setPadTitle(data, function (err) {
Cryptpad.setPadTitle(data, function (err, obj) {
if (!err && !(obj && obj.notStored)) {
// Pad is stored: hide the hash
var opts = parsed.getOptions();
var hash = Utils.Hash.getHiddenHashFromKeys(parsed.type, secret, opts);
if (window.history && window.history.replaceState) {
if (!/^#/.test(hash)) { hash = '#' + hash; }
window.history.replaceState({}, window.document.title, hash);
}
}
cb({error: err});
});
});
@ -580,6 +652,9 @@ define([
});
sframeChan.on('EV_SET_HASH', function (hash) {
// In this case, we want to set the hash for the next page reload
// This hash is a category for the sidebar layout apps
// No need to store it in memory
window.location.hash = hash;
});
@ -801,15 +876,19 @@ define([
// Present mode URL
sframeChan.on('Q_PRESENT_URL_GET_VALUE', function (data, cb) {
var parsed = Utils.Hash.parsePadUrl(window.location.href);
var parsed = Utils.Hash.parsePadUrl(currentPad.href);
cb(parsed.hashData && parsed.hashData.present);
});
sframeChan.on('EV_PRESENT_URL_SET_VALUE', function (data) {
var parsed = Utils.Hash.parsePadUrl(window.location.href);
window.location.href = parsed.getUrl({
embed: parsed.hashData.embed,
present: data
});
// Update the rendered hash and the full hash with the "present" settings
var opts = parsed.getOptions();
opts.present = data;
// Full hash
currentPad.href = parsed.getUrl(opts);
if (parsed.hashData) { currentPad.hash = parsed.hashData.getHash(opts); }
// Rendered (maybe hidden) hash
var hiddenParsed = Utils.Hash.parsePadUrl(window.location.href);
window.location.href = hiddenParsed.getUrl(opts);
});
@ -1011,7 +1090,7 @@ define([
});
sframeChan.on('Q_BLOB_PASSWORD_CHANGE', function (data, cb) {
data.href = data.href || window.location.href;
data.href = data.href || currentPad.href;
var onPending = function (cb) {
sframeChan.query('Q_BLOB_PASSWORD_CHANGE_PENDING', null, function (err, obj) {
if (obj && obj.cancel) { cb(); }
@ -1027,12 +1106,12 @@ define([
});
sframeChan.on('Q_OO_PASSWORD_CHANGE', function (data, cb) {
data.href = data.href || window.location.href;
data.href = data.href || currentPad.href;
Cryptpad.changeOOPassword(data, cb);
});
sframeChan.on('Q_PAD_PASSWORD_CHANGE', function (data, cb) {
data.href = data.href || window.location.href;
data.href = data.href || currentPad.href;
Cryptpad.changePadPassword(Cryptget, Crypto, data, cb);
});
@ -1234,7 +1313,11 @@ define([
var startRealtime = function (rtConfig) {
rtConfig = rtConfig || {};
rtStarted = true;
var replaceHash = function (hash) {
// XXX Always put the full hash here.
// The pad has just been created but is not stored yet. We'll switch
// to hidden hash once the pad is stored
if (window.history && window.history.replaceState) {
if (!/^#/.test(hash)) { hash = '#' + hash; }
window.history.replaceState({}, window.document.title, hash);
@ -1250,7 +1333,7 @@ define([
Cryptpad.padRpc.onReadyEvent.reg(function () {
Cryptpad.burnPad({
password: password,
href: window.location.href,
href: currentPad.href,
channel: secret.channel,
ownerKey: burnAfterReading
});
@ -1265,7 +1348,7 @@ define([
readOnly: readOnly,
crypto: Crypto.createEncryptor(secret.keys),
onConnect: function () {
if (window.location.hash && window.location.hash !== '#') {
if (currentPad.hash && currentPad.hash !== '#') {
/*window.location = parsed.getUrl({
present: parsed.hashData.present,
embed: parsed.hashData.embed
@ -1278,11 +1361,11 @@ define([
};
nThen(function (waitFor) {
if (isNewFile && cfg.owned && !window.location.hash) {
if (isNewFile && cfg.owned && !currentPad.hash) {
Cryptpad.getMetadata(waitFor(function (err, m) {
cpNfCfg.owners = [m.priv.edPublic];
}));
} else if (isNewFile && !cfg.useCreationScreen && window.location.hash) {
} else if (isNewFile && !cfg.useCreationScreen && currentPad.hash) {
console.log("new file with hash in the address bar in an app without pcs and which requires owners");
sframeChan.onReady(function () {
sframeChan.query("EV_LOADING_ERROR", "DELETED");
@ -1309,11 +1392,13 @@ define([
var ohc = window.onhashchange;
window.onhashchange = function () {};
window.location.hash = newHash;
currentPad.hash = newHash;
currentPad.href = '/' + parsed.type + '/#' + newHash;
window.onhashchange = ohc;
ohc({reset: true});
// Update metadata values and send new metadata inside
parsed = Utils.Hash.parsePadUrl(window.location.href);
parsed = Utils.Hash.parsePadUrl(currentPad.href);
defaultTitle = Utils.UserObject.getDefaultName(parsed);
hashes = Utils.Hash.getHashes(secret);
readOnly = false;

11
www/poll/main.js
View File

@ -9,6 +9,7 @@ define([
var requireConfig = RequireConfig();
// Loaded in load #2
var hash, href;
nThen(function (waitFor) {
DomReady.onReady(waitFor());
}).nThen(function (waitFor) {
@ -19,6 +20,14 @@ define([
};
window.rc = requireConfig;
window.apiconf = ApiConfig;
// Hidden hash
hash = window.location.hash;
href = window.location.href;
if (window.history && window.history.replaceState) {
window.history.replaceState({}, window.document.title, '#');
}
document.getElementById('sbox-iframe').setAttribute('src',
ApiConfig.httpSafeOrigin + '/poll/inner.html?' + requireConfig.urlArgs +
'#' + encodeURIComponent(JSON.stringify(req)));
@ -37,6 +46,8 @@ define([
window.addEventListener('message', onMsg);
}).nThen(function (/*waitFor*/) {
SFCommonO.start({
hash: hash,
href: href,
useCreationScreen: true,
messaging: true
});