Skip to content

Commit

Permalink
add more location checks to message listener (#281)
Browse files Browse the repository at this point in the history 
* remove allowSaveSubmissions flag
  • Loading branch information
@dqnykamp
dqnykamp authored Jan 21, 2025
1 parent 7e5b361 commit afa5ee4
Show file tree
Hide file tree
Showing 12 changed files with 20 additions and 44 deletions.
3 changes: 3 additions & 0 deletions packages/doenetml-iframe/src/iframe-viewer-index.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,9 @@ document.addEventListener("DOMContentLoaded", () => {

// forward all SPLICE messages that aren't a response to parent
window.addEventListener("message", (e) => {
if (e.origin !== window.parent.location.origin) {
return;
}
if (
e.data.subject.startsWith("SPLICE") &&
!e.data.subject.endsWith("response")
Expand Down
9 changes: 5 additions & 4 deletions packages/doenetml-iframe/src/index.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,15 +145,16 @@ export function DoenetViewer({

React.useEffect(() => {
const listener = (event: MessageEvent<IframeMessage>) => {
if (event.origin !== window.location.origin) {
return;
}

// forward response from SPLICE getState to iframe
if (event.data.subject === "SPLICE.getState.response") {
ref.current?.contentWindow?.postMessage(event.data);
return;
}
if (
event.origin !== window.location.origin ||
event.data?.origin !== id
) {
if (event.data?.origin !== id) {
return;
}

Expand Down
4 changes: 2 additions & 2 deletions packages/doenetml-worker/src/Core.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13023,8 +13023,8 @@ export default class Core {
async recordSolutionView() {
// TODO: check if student was actually allowed to view solution.

// if not allowed to save submissions, then allow view but don't record it
if (!this.flags.allowSaveSubmissions) {
// if not allowed to save state, then allow view but don't record it
if (!this.flags.allowSaveState) {
return {
allowView: true,
message: "",
Expand Down
2 changes: 0 additions & 2 deletions packages/doenetml-worker/src/test/utils/test-core.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ type DoenetMLFlags = {
allowLoadState: boolean;
allowSaveState: boolean;
allowLocalState: boolean;
allowSaveSubmissions: boolean;
allowSaveEvents: boolean;
autoSubmit: boolean;
};
Expand All @@ -30,7 +29,6 @@ const defaultFlags: DoenetMLFlags = {
allowLoadState: false,
allowSaveState: false,
allowLocalState: false,
allowSaveSubmissions: false,
allowSaveEvents: false,
autoSubmit: false,
};
Expand Down
1 change: 0 additions & 1 deletion packages/doenetml/src/EditorViewer/EditorViewer.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -484,7 +484,6 @@ export function EditorViewer({
allowLoadState: false,
allowSaveState: false,
allowLocalState: false,
allowSaveSubmissions: false,
allowSaveEvents: false,
readOnly: false,
}}
Expand Down
3 changes: 3 additions & 0 deletions packages/doenetml/src/Viewer/DocViewer.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -449,6 +449,9 @@ export function DocViewer({

useEffect(() => {
window.addEventListener("message", (e) => {
if (e.origin !== window.location.origin) {
return;
}
if (typeof e.data !== "object") {
return;
}
Expand Down
1 change: 0 additions & 1 deletion packages/doenetml/src/Viewer/renderers/codeViewer.jsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,7 +141,6 @@ export default React.memo(function CodeViewer(props) {
allowLoadState: false,
allowSaveState: false,
allowLocalState: false,
allowSaveSubmissions: false,
allowSaveEvents: false,
}}
activityId={id}
Expand Down
6 changes: 0 additions & 6 deletions packages/doenetml/src/doenetml.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,6 @@ export type DoenetMLFlags = {
allowLoadState: boolean;
allowSaveState: boolean;
allowLocalState: boolean;
allowSaveSubmissions: boolean;
allowSaveEvents: boolean;
autoSubmit: boolean;
};
Expand All @@ -41,7 +40,6 @@ export const defaultFlags: DoenetMLFlags = {
allowLoadState: false,
allowSaveState: false,
allowLocalState: false,
allowSaveSubmissions: false,
allowSaveEvents: false,
autoSubmit: false,
};
Expand Down Expand Up @@ -183,10 +181,6 @@ export function DoenetViewer({
// and disable even looking up state from local storage (as we want to get the state from the database)
flags.allowLocalState = false;
flags.allowSaveState = false;
} else if (flags.allowSaveState) {
// allowSaveState implies allowLoadState
// Rationale: saving state will result in loading a new state if another device changed it
flags.allowLoadState = true;
}

const generatedVariantCallback = useCallback(
Expand Down
3 changes: 3 additions & 0 deletions packages/test-cypress/cypress/e2e/DocViewer/docViewerAttributes.cy.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ describe("PageViewer Attribute Tests", function () {
let allPossibleVariants = null;

function variantsListener(e) {
if (e.origin !== window.location.origin) {
return;
}
if (e.data.subject === "SPLICE.allPossibleVariants") {
allPossibleVariants = e.data.args.allPossibleVariants;
}
Expand Down
27 changes: 0 additions & 27 deletions packages/test-cypress/src/CypressTest.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,6 @@ export function CypressTest() {
allowLoadState: boolean;
allowSaveState: boolean;
allowLocalState: boolean;
allowSaveSubmissions: boolean;
allowSaveEvents: boolean;
autoSubmit: boolean;
render: boolean;
Expand All @@ -33,7 +32,6 @@ export function CypressTest() {
allowLoadState: false,
allowSaveState: false,
allowLocalState: false,
allowSaveSubmissions: false,
allowSaveEvents: false,
autoSubmit: false,
render: true,
Expand Down Expand Up @@ -82,9 +80,6 @@ export function CypressTest() {
const [allowLocalState, setAllowLocalState] = useState(
testSettings.allowLocalState,
);
const [allowSaveSubmissions, setAllowSaveSubmissions] = useState(
testSettings.allowSaveSubmissions,
);
const [allowSaveEvents, setAllowSaveEvents] = useState(
testSettings.allowSaveEvents,
);
Expand Down Expand Up @@ -343,27 +338,6 @@ export function CypressTest() {
Allow Local Page State
</label>
</div>
<div>
<label>
{" "}
<input
id="testRunner_allowSaveSubmissions"
type="checkbox"
checked={allowSaveSubmissions}
onChange={() => {
testSettings.allowSaveSubmissions =
!testSettings.allowSaveSubmissions;
localStorage.setItem(
"test settings",
JSON.stringify(testSettings),
);
setAllowSaveSubmissions((was: boolean) => !was);
setUpdateNumber((was: number) => was + 1);
}}
/>
Allow Save Submissions
</label>
</div>
<div>
<label>
{" "}
Expand Down Expand Up @@ -519,7 +493,6 @@ export function CypressTest() {
allowLoadState,
allowSaveState,
allowLocalState,
allowSaveSubmissions,
allowSaveEvents,
autoSubmit,
}}
Expand Down
4 changes: 4 additions & 0 deletions packages/test-viewer/src/main.jsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,10 @@ import "@doenet/doenetml/style.css";
const root = createRoot(document.getElementById("root"));

window.addEventListener("message", (event) => {
if (event.origin !== window.location.origin) {
return;
}

if (event.data.subject == "SPLICE.reportScoreAndState") {
console.log(event.data.score);
console.log(event.data.state);
Expand Down
1 change: 0 additions & 1 deletion packages/test-viewer/src/test/testViewer.tsx
View file
Original file line number Diff line number Diff line change
Expand Up @@ -220,7 +220,6 @@ export default function TestViewer() {
allowLoadState: false,
allowSaveState: false,
allowLocalState: false,
allowSaveSubmissions: true,
allowSaveEvents: false,
autoSubmit: false,
}}
Expand Down

0 comments on commit afa5ee4

Please sign in to comment.