Removed unsafe-eval necessity for addon to improve security, closes #17

AykutCevik · AykutCevik · commit 2d542706c6ad · 2021-12-21T20:25:09.000+01:00
diff --git a/build.sh b/build.sh
@@ -20,7 +20,7 @@ copyDevFunction()
 prepareChromeFunction()
 {
     echo "Preparing manifest.json for Chrome"
-    sed -i -e '28,32d;19d;35d' ./dev/manifest.json
+    sed -i -e '27,31d;35d' ./dev/manifest.json
 }
 
 packageChromeFunction()
diff --git a/js/popup.js b/js/popup.js
@@ -51,27 +51,32 @@ function fetchGeoLocation() {
     });
 }
 
+function compileHtml(html, obj, clip) {
+    for (var prop in obj) {
+        html = html.replace(new RegExp(clip + prop + clip, 'g'), obj[prop] ? obj[prop] : '');
+    }
+    return html;
+}
+
 function triggerView() {
-    var infosHtml = _.template($('#ipGeoLocationView').html());
-    compiledInfosHtml = infosHtml({
-        gl: geoIpV4 ? geoIpV4.toJSON() : new GeoLocation(),
-        gl6: geoIpV6 ? geoIpV6.toJSON() : new GeoLocation6()
-    });
+    var infosHtml = $('#ipGeoLocationView').html();
+    var gIPv4 = (geoIpV4 ? geoIpV4.toJSON() : new GeoLocation().toJSON());
+    var gIPv6 = (geoIpV6 ? geoIpV6.toJSON() : new GeoLocation6().toJSON());
+    compiledInfosHtml = compileHtml(infosHtml, gIPv4.geoLocation, 'T');
+    compiledInfosHtml = compileHtml(compiledInfosHtml, gIPv4.browser, 'T');
+    compiledInfosHtml = compileHtml(compiledInfosHtml, gIPv6.geoLocation, 'T6');
+    compiledInfosHtml = compileHtml(compiledInfosHtml, gIPv6.browser, 'T6');
     $('#ipLocationInfo').html(compiledInfosHtml);
 
     if (geoIpV4 && geoIpV4.toJSON().geoLocation && geoIpV4.toJSON().geoLocation.latitude != 0) {
-        var mapHtml = _.template($('#ipGeoMapView').html());
-        compiledMapHtml = mapHtml({
-            gl:  geoIpV4.toJSON()
-        });
+        var mapHtml = $('#ipGeoMapView').html();
+        compiledMapHtml = compileHtml(mapHtml, geoIpV4.toJSON().geoLocation, 'T');
         $('#mapIPV4').html(compiledMapHtml);
     }
 
-    if(geoIpV6 && geoIpV6.toJSON().geoLocation && geoIpV6.toJSON().geoLocation.latitude != 0) {
-        var mapHtml = _.template($('#ipGeoMapView').html());
-        compiledMapHtml = mapHtml({
-            gl:  geoIpV6.toJSON()
-        });
+    if (geoIpV6 && geoIpV6.toJSON().geoLocation && geoIpV6.toJSON().geoLocation.latitude != 0) {
+        var mapHtml = $('#ipGeoMapView').html();
+        compiledMapHtml = compileHtml(mapHtml, geoIpV6.toJSON().geoLocation, 'T');
         $('#mapIPV6').html(compiledMapHtml);
     }
 }
diff --git a/manifest.json b/manifest.json
@@ -1,6 +1,6 @@
 {
   "name": "IP Address & Geolocation",
-  "version": "2.0.3",
+  "version": "2.1.0",
   "manifest_version": 2,
   "icons": {
     "16": "img/icon16.png",
@@ -23,7 +23,7 @@
     "default_popup": "popup.html",
     "default_title": "IP Address & Geolocation"
   },
-  "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'self'",
+  "content_security_policy": "script-src 'self'; object-src 'self'",
   "applications": {
     "gecko": {
       "id": "ipgeolocator@aykutcevik.com"
diff --git a/popup.html b/popup.html
@@ -50,7 +50,7 @@ <h2 class="mdl-card__title-text">IP Address & Geolocation</h2>
 
 <script type="text/html" id="ipGeoMapView">
     <a class="mdl-button mdl-js-button mdl-button--icon" title="Open location in OpenStreetMap"
-        href="http://www.openstreetmap.org/?mlat=<%- gl.geoLocation.latitude %>&mlon=<%- gl.geoLocation.longitude %>&zoom=12" target="_blank">
+        href="http://www.openstreetmap.org/?mlat=TlatitudeT&mlon=TlongitudeT&zoom=12" target="_blank">
         <i class="material-icons">map</i>
     </a>
 </script>
@@ -67,33 +67,33 @@ <h2 class="mdl-card__title-text">IP Address & Geolocation</h2>
         <tbody>
         <tr>
             <td class="mdl-data-table__cell--non-numeric">IP</td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl.geoLocation ? gl.geoLocation.ipAddress : null %></td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl6.geoLocation ? gl6.geoLocation.ipAddress : null %></td>
+            <td class="mdl-data-table__cell--non-numeric">TipAddressT</td>
+            <td class="mdl-data-table__cell--non-numeric">T6ipAddressT6</td>
         </tr>
         <tr>
             <td class="mdl-data-table__cell--non-numeric">City</td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl.geoLocation ? gl.geoLocation.city : null %></td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl6.geoLocation ? gl6.geoLocation.city : null %></td>
+            <td class="mdl-data-table__cell--non-numeric">TcityT</td>
+            <td class="mdl-data-table__cell--non-numeric">T6cityT6</td>
         </tr>
         <tr>
             <td class="mdl-data-table__cell--non-numeric">Country</td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl.geoLocation ? gl.geoLocation.countryName : null %></td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl6.geoLocation ? gl6.geoLocation.countryName : null %></td>
+            <td class="mdl-data-table__cell--non-numeric">TcountryNameT</td>
+            <td class="mdl-data-table__cell--non-numeric">T6countryNameT6</td>
         </tr>
         <tr>
             <td class="mdl-data-table__cell--non-numeric">Continent</td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl.geoLocation ? gl.geoLocation.continent : null %></td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl6.geoLocation ? gl6.geoLocation.continent : null %></td>
+            <td class="mdl-data-table__cell--non-numeric">TcontinentT</td>
+            <td class="mdl-data-table__cell--non-numeric">T6continentT6</td>
         </tr>
         <tr>
             <td class="mdl-data-table__cell--non-numeric">Timezone</td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl.geoLocation ? gl.geoLocation.timezone : null %></td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl6.geoLocation ? gl6.geoLocation.timezone : null %></td>
+            <td class="mdl-data-table__cell--non-numeric">TtimezoneT</td>
+            <td class="mdl-data-table__cell--non-numeric">T6timezoneT6</td>
         </tr>
         <tr>
             <td class="mdl-data-table__cell--non-numeric">User agent</td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl.geoLocation ? gl.browser.userAgent : null %></td>
-            <td class="mdl-data-table__cell--non-numeric"><%- gl6.geoLocation ? gl6.browser.userAgent : null %></td>
+            <td class="mdl-data-table__cell--non-numeric">TuserAgentT</td>
+            <td class="mdl-data-table__cell--non-numeric">T6userAgentT6</td>
         </tr>
         </tbody>
     </table>

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@ copyDevFunction()`
`20`	`20`	`prepareChromeFunction()`
`21`	`21`	`{`
`22`	`22`	`echo "Preparing manifest.json for Chrome"`
`23`		`- sed -i -e '28,32d;19d;35d' ./dev/manifest.json`
	`23`	`+ sed -i -e '27,31d;35d' ./dev/manifest.json`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`packageChromeFunction()`