fix: audit
This commit is contained in:
parent
9f8aad114c
commit
b91b81f5c9
@ -12,7 +12,7 @@
|
||||
class="footer-address__value"
|
||||
target="_blank"
|
||||
:href="addressExplorerUrl(donationsAddress)"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
>{{ donationsAddress }}</a
|
||||
>
|
||||
</div>
|
||||
@ -31,7 +31,7 @@
|
||||
type="is-icon"
|
||||
:href="duneLink"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
icon-right="stats"
|
||||
></b-button>
|
||||
<b-button
|
||||
@ -39,7 +39,7 @@
|
||||
type="is-icon"
|
||||
href="https://torn.community"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
icon-right="discourse"
|
||||
></b-button>
|
||||
<b-button
|
||||
@ -47,7 +47,7 @@
|
||||
type="is-icon"
|
||||
href="https://discord.com/invite/TFDrM8K42j"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
icon-right="discord"
|
||||
></b-button>
|
||||
<b-button
|
||||
@ -55,7 +55,7 @@
|
||||
type="is-icon"
|
||||
href="https://tornado-cash.medium.com"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
icon-right="medium"
|
||||
></b-button>
|
||||
<b-button
|
||||
@ -63,7 +63,7 @@
|
||||
type="is-icon"
|
||||
href="https://twitter.com/TornadoCash"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
icon-right="twitter"
|
||||
></b-button>
|
||||
<b-button
|
||||
@ -71,7 +71,7 @@
|
||||
type="is-icon"
|
||||
href="https://t.me/TornadoCashOfficial"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
icon-right="telegram"
|
||||
></b-button>
|
||||
<b-button
|
||||
@ -79,7 +79,7 @@
|
||||
type="is-icon"
|
||||
href="https://github.com/tornadocash"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
icon-right="github"
|
||||
></b-button>
|
||||
<div class="break"></div>
|
||||
|
@ -14,7 +14,12 @@
|
||||
<b-skeleton v-if="!job.txHash && job.status !== 'FAILED'" />
|
||||
<div v-else class="details">
|
||||
<p class="detail">
|
||||
<a class="detail-description" :href="txExplorerUrl(job.txHash)" target="_blank">
|
||||
<a
|
||||
class="detail-description"
|
||||
:href="txExplorerUrl(job.txHash)"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
>
|
||||
{{ job.txHash }}
|
||||
</a>
|
||||
</p>
|
||||
|
@ -3,7 +3,9 @@
|
||||
<template v-slot:content>
|
||||
<template v-if="isLoggedIn">
|
||||
<p>{{ $t('web3connected') }}</p>
|
||||
<a :href="addressExplorerUrl(ethAccount)" target="_blank">{{ shortAddress(ethAccount) }}</a>
|
||||
<a :href="addressExplorerUrl(ethAccount)" target="_blank" rel="noopener noreferrer">{{
|
||||
shortAddress(ethAccount)
|
||||
}}</a>
|
||||
<p><NumberFormat :value="balance" /> {{ currency }}</p>
|
||||
</template>
|
||||
<template v-else>
|
||||
|
@ -18,7 +18,12 @@
|
||||
<b-navbar-item tag="router-link" to="/compliance">
|
||||
{{ $t('compliance') }}
|
||||
</b-navbar-item>
|
||||
<b-navbar-item href="http://docs.tornado.cash" target="_blank" rel="noreferrer" class="has-tag">
|
||||
<b-navbar-item
|
||||
href="https://docs.tornado.cash"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
class="has-tag"
|
||||
>
|
||||
<b-icon icon="open-book" size="is-small" class="mr-1" />
|
||||
<span>{{ $t('docs') }}</span>
|
||||
</b-navbar-item>
|
||||
|
@ -18,10 +18,15 @@
|
||||
</template>
|
||||
<template v-slot:description>{{ notice.description }}</template>
|
||||
</i18n>
|
||||
<a v-if="notice.nova" href="https://nova.tornadocash.eth.link" target="_blank">
|
||||
<a
|
||||
v-if="notice.nova"
|
||||
href="https://nova.tornadocash.eth.link"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
>
|
||||
Tornado Cash Nova
|
||||
</a>
|
||||
<a v-if="notice.txHash" :href="txExplorerUrl(notice.txHash)" target="_blank">
|
||||
<a v-if="notice.txHash" :href="txExplorerUrl(notice.txHash)" target="_blank" rel="noopener noreferrer">
|
||||
{{ $t('viewOnEtherscan') }}
|
||||
</a>
|
||||
<n-link v-else-if="notice.routerLink" v-bind="notice.routerLink.params" @onClick="$forceUpdate()">
|
||||
|
@ -22,7 +22,12 @@
|
||||
<div class="column is-hash" :data-label="$t('txHash')">
|
||||
<div class="details">
|
||||
<p class="detail">
|
||||
<a class="detail-description" :href="txExplorerUrl(tx.txHash)" target="_blank">
|
||||
<a
|
||||
class="detail-description"
|
||||
:href="txExplorerUrl(tx.txHash)"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
>
|
||||
{{ tx.txHash }}
|
||||
</a>
|
||||
</p>
|
||||
|
@ -123,7 +123,7 @@
|
||||
<div class="column is-full-small">
|
||||
<strong>{{ $t('proposalAddress') }}</strong>
|
||||
<div class="value">
|
||||
<a :href="contractUrl" class="address" target="_blank">
|
||||
<a :href="contractUrl" class="address" target="_blank" rel="noopener noreferrer">
|
||||
{{ data.target }}
|
||||
</a>
|
||||
</div>
|
||||
|
@ -12,7 +12,9 @@
|
||||
</b-field>
|
||||
<div class="label-with-value">
|
||||
{{ $t('currentDelegate') }}:
|
||||
<a target="_blank" :href="addressExplorerUrl(currentDelegate)">{{ delegateMsg }}</a>
|
||||
<a target="_blank" :href="addressExplorerUrl(currentDelegate)" rel="noopener noreferrer">{{
|
||||
delegateMsg
|
||||
}}</a>
|
||||
</div>
|
||||
<div>
|
||||
<b-tooltip
|
||||
|
@ -5,7 +5,9 @@
|
||||
</div>
|
||||
<div class="label-with-value">
|
||||
{{ $t('currentDelegate') }}:
|
||||
<a target="_blank" :href="addressExplorerUrl(currentDelegate)">{{ delegateMsg }}</a>
|
||||
<a target="_blank" :href="addressExplorerUrl(currentDelegate)" rel="noopener noreferrer">{{
|
||||
delegateMsg
|
||||
}}</a>
|
||||
</div>
|
||||
<b-tooltip
|
||||
class="is-block"
|
||||
|
@ -14,6 +14,7 @@
|
||||
v-show="!hasErrorNote && depositTxHash"
|
||||
:href="txExplorerUrl(depositTxHash)"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
class="button is-icon"
|
||||
>
|
||||
<b-tooltip
|
||||
@ -377,9 +378,6 @@ export default {
|
||||
this.$emit('get-key', this.getKeys)
|
||||
},
|
||||
mounted() {
|
||||
if (this.$route.query.note) {
|
||||
this.withdrawNote = this.$route.query.note
|
||||
}
|
||||
this.$root.$on('resetWithdraw', () => {
|
||||
this.withdrawAddress = ''
|
||||
this.withdrawNote = ''
|
||||
|
@ -452,5 +452,9 @@
|
||||
"name": "Name",
|
||||
"fee": "Fee"
|
||||
},
|
||||
"withdrawalQueueIsOverloaded": "Withdrawal queue is overloaded"
|
||||
"withdrawalQueueIsOverloaded": "Withdrawal queue is overloaded",
|
||||
"trustBanner": {
|
||||
"trustLess": "You are using an public IPFS gateway. Tornado Cash dApp can not use all security features of your browser. Check out {link} for alternatives",
|
||||
"link": "landing page"
|
||||
}
|
||||
}
|
||||
|
@ -69,6 +69,7 @@ export default {
|
||||
},
|
||||
mounted() {
|
||||
this.$preventMultitabs()
|
||||
window.addEventListener('focus', this.$preventMultitabs)
|
||||
|
||||
if (process.browser) {
|
||||
window.onNuxtReady(() => {
|
||||
@ -108,6 +109,9 @@ export default {
|
||||
})
|
||||
}
|
||||
},
|
||||
beforeDestroy() {
|
||||
window.removeEventListener('focus', this.$preventMultitabs)
|
||||
},
|
||||
methods: {
|
||||
...mapActions('settings', ['checkCurrentRpc', 'preselectRpc']),
|
||||
checkRecoveryKey() {
|
||||
|
@ -39,6 +39,12 @@ const providerMiddleware = async ({ store }) => {
|
||||
const chainId = hexToNumber(await provider.request({ method: 'eth_chainId' }))
|
||||
|
||||
await checkProvider({ store, accounts, chainId, providerName })
|
||||
} else {
|
||||
const storedNetId = window.localStorage.getItem('netId')
|
||||
|
||||
if (networkConfig[`netId${storedNetId}`]) {
|
||||
await store.dispatch('metamask/onNetworkChanged', { netId: Number(storedNetId) })
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
console.error(`Provider container has error: ${err.message}`)
|
||||
|
@ -47,6 +47,27 @@ export default {
|
||||
title: 'Tornado.cash',
|
||||
meta: [
|
||||
{ charset: 'utf-8' },
|
||||
{
|
||||
'http-equiv': 'Content-Security-Policy',
|
||||
content: ''
|
||||
},
|
||||
// move to req middlevare
|
||||
// {
|
||||
// 'http-equiv': 'Permissions-Policy',
|
||||
// content: 'geolocation=()'
|
||||
// },
|
||||
// {
|
||||
// 'http-equiv': 'Strict-Transport-Security',
|
||||
// content: 'max-age=31536000;'
|
||||
// },
|
||||
// {
|
||||
// 'http-equiv': 'X-Content-Type-Options',
|
||||
// content: 'nosniff'
|
||||
// },
|
||||
{
|
||||
name: 'Referer-Policy',
|
||||
content: 'no-referrer'
|
||||
},
|
||||
{
|
||||
name: 'viewport',
|
||||
content: 'width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no'
|
||||
|
@ -69,6 +69,7 @@
|
||||
v-if="txDepositInfo.txHash"
|
||||
:href="txExplorerUrl(txDepositInfo.txHash)"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
class="value"
|
||||
:data-value="txDepositInfo.txHash"
|
||||
>
|
||||
@ -82,6 +83,7 @@
|
||||
v-if="txDepositInfo.txHash"
|
||||
:href="addressExplorerUrl(txDepositInfo.from)"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
class="value"
|
||||
>
|
||||
{{ txDepositInfo.from }}
|
||||
@ -155,6 +157,7 @@
|
||||
v-if="txWithdrawalInfo.txHash"
|
||||
:href="txExplorerUrl(txWithdrawalInfo.txHash)"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
class="value"
|
||||
:data-value="txWithdrawalInfo.txHash"
|
||||
>
|
||||
@ -168,6 +171,7 @@
|
||||
v-if="txWithdrawalInfo.to"
|
||||
:href="addressExplorerUrl(txWithdrawalInfo.to)"
|
||||
target="_blank"
|
||||
rel="noopener noreferrer"
|
||||
class="value"
|
||||
>
|
||||
{{ txWithdrawalInfo.to }}
|
||||
|
@ -13,6 +13,22 @@
|
||||
<i18n path="binanceInternalTxsNotification" />
|
||||
</b-notification>
|
||||
|
||||
<b-notification
|
||||
:active="isActiveNotification.third"
|
||||
class="main-notification"
|
||||
type="is-warning"
|
||||
icon-pack="icon"
|
||||
has-icon
|
||||
:aria-close-label="$t('closeNotification')"
|
||||
@close="disableNotification({ key: 'third' })"
|
||||
>
|
||||
<i18n path="trustBanner.trustLess">
|
||||
<template v-slot:link>
|
||||
<a href="https://tornado.cash/">{{ $t('trustBanner.link') }}</a>
|
||||
</template>
|
||||
</i18n>
|
||||
</b-notification>
|
||||
|
||||
<b-notification
|
||||
:active="isActiveNotification.first"
|
||||
class="main-notification"
|
||||
@ -27,7 +43,7 @@
|
||||
<a
|
||||
href="https://twitter.com/TornadoCash/status/1204745639759884289"
|
||||
target="_blank"
|
||||
rel="noreferrer"
|
||||
rel="noopener noreferrer"
|
||||
>{{ $t('indexNotificationLinkText') }}</a
|
||||
>
|
||||
</template>
|
||||
@ -82,21 +98,20 @@ export default {
|
||||
},
|
||||
created() {
|
||||
this.$store.dispatch('application/setNativeCurrency', { netId: this.netId })
|
||||
},
|
||||
mounted() {
|
||||
if (this.$route.query.note) {
|
||||
this.activeTab = 1
|
||||
}
|
||||
this.checkIsTrustedUrl()
|
||||
},
|
||||
methods: {
|
||||
...mapActions('settings', ['disableNotification']),
|
||||
checkIsTrustedUrl() {
|
||||
const isIpfs = this.$isLoadedFromIPFS()
|
||||
if (!isIpfs) {
|
||||
this.disableNotification({ key: 'third' })
|
||||
}
|
||||
},
|
||||
onGetKey(fn) {
|
||||
this.getKeys = fn
|
||||
},
|
||||
async tabChanged(tabIndex) {
|
||||
if (!this.$route.query.note) {
|
||||
this.$root.$emit('resetWithdraw')
|
||||
}
|
||||
if (tabIndex === 1) {
|
||||
this.$store.dispatch('relayer/pickRandomRelayer', { type: 'tornado' })
|
||||
|
||||
|
@ -3,20 +3,17 @@ export default ({ store, isHMR, app }, inject) => {
|
||||
inject('isLoadedFromIPFS', main)
|
||||
}
|
||||
function main() {
|
||||
const domainWhiteList = [
|
||||
'tornado.cash',
|
||||
'localhost:3000',
|
||||
'stage.tornado.cash',
|
||||
'tornadocash.eth',
|
||||
const whiteListedDomains = [
|
||||
// 'localhost:3000',
|
||||
'tornadocash.eth.link',
|
||||
'tornadocash.eth.limo',
|
||||
'app.tornado.cash',
|
||||
'donotshare.tornado.cash'
|
||||
'tornadocash.eth.limo'
|
||||
]
|
||||
|
||||
if (window.location.host.includes('tornadocash.netlify.app')) {
|
||||
const NETLIFY_REGEXP = /https:\/\/deploy-preview-(\d+)--tornadocash\.netlify\.app/
|
||||
|
||||
if (NETLIFY_REGEXP.test(window.location.host)) {
|
||||
return false
|
||||
} else if (!domainWhiteList.includes(window.location.host)) {
|
||||
} else if (!whiteListedDomains.includes(window.location.host)) {
|
||||
console.warn('The page has been loaded from ipfs.io. LocalStorage is disabled')
|
||||
return true
|
||||
}
|
||||
|
@ -21,16 +21,23 @@ export default ({ store, isHMR }) => {
|
||||
return
|
||||
}
|
||||
|
||||
const paths = ['metamask.netId', 'application.selectedStatistic', 'application.selectedInstance']
|
||||
|
||||
if (!store.$isLoadedFromIPFS()) {
|
||||
paths.push('txHashKeeper', 'settings', 'account', 'relayer.jobs', 'encryptedNote.ui')
|
||||
const paths = [
|
||||
'metamask.netId',
|
||||
'application.selectedStatistic',
|
||||
'application.selectedInstance',
|
||||
'txHashKeeper',
|
||||
'settings',
|
||||
'account',
|
||||
'relayer.jobs',
|
||||
'encryptedNote.ui'
|
||||
]
|
||||
|
||||
migrate()
|
||||
|
||||
createPersistedState({
|
||||
key: STORE_NAME,
|
||||
paths
|
||||
})(store)
|
||||
}
|
||||
|
||||
migrate()
|
||||
|
||||
createPersistedState({
|
||||
key: STORE_NAME,
|
||||
paths
|
||||
})(store)
|
||||
}
|
||||
|
@ -82,6 +82,8 @@ const mutations = {
|
||||
},
|
||||
SET_NET_ID(state, netId) {
|
||||
netId = parseInt(netId, 10)
|
||||
window.localStorage.setItem('netId', netId)
|
||||
|
||||
state.netId = netId
|
||||
},
|
||||
SET_RECONNECTING(state, bool) {
|
||||
|
@ -337,13 +337,15 @@ export const actions = {
|
||||
async getCustomRelayerData({ rootState, state, getters, rootGetters, dispatch }, { url, name }) {
|
||||
const provider = getters.ethProvider.eth
|
||||
|
||||
if (!url.startsWith('https:') && !url.startsWith('http:')) {
|
||||
if (url.includes('.onion')) {
|
||||
const PROTOCOL_REGEXP = /^(http(s?))/
|
||||
if (!PROTOCOL_REGEXP.test(url)) {
|
||||
if (url.endsWith('.onion')) {
|
||||
url = `http://${url}`
|
||||
} else {
|
||||
url = `https://${url}`
|
||||
}
|
||||
}
|
||||
|
||||
const urlParser = new URL(url)
|
||||
urlParser.href = url
|
||||
let ensName = name
|
||||
|
@ -20,7 +20,8 @@ export const state = () => {
|
||||
...rpcData,
|
||||
isActiveNotification: {
|
||||
first: true,
|
||||
second: true
|
||||
second: true,
|
||||
third: true
|
||||
}
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user