Fossil SCM
Check to see that CSS has been loaded before activating hyperlinks if the user is "nobody".
Commit
3f6a6bdce421212ea8877e3692870b26e8813183700ac1cf3283f9cf4647a563
Parent
db69c47abda94b6…
2 files changed
+1
-1
+15
-12
+1
-1
| --- src/default.css | ||
| +++ src/default.css | ||
| @@ -2,11 +2,11 @@ | ||
| 2 | 2 | CSS classes. When /style.css is requested, the rules in this file |
| 3 | 3 | are emitted first, followed by (1) page-specific CSS (if any) and |
| 4 | 4 | (2) skin-specific CSS. |
| 5 | 5 | */ |
| 6 | 6 | body { |
| 7 | - z-index: 0 /* part of robot.c:robot_proofofwork() */; | |
| 7 | + z-index: 0 /* Used by robot.c:robot_proofofwork() and href.js */; | |
| 8 | 8 | } |
| 9 | 9 | div.sidebox { |
| 10 | 10 | float: right; |
| 11 | 11 | background-color: white; |
| 12 | 12 | border-width: medium; |
| 13 | 13 |
| --- src/default.css | |
| +++ src/default.css | |
| @@ -2,11 +2,11 @@ | |
| 2 | CSS classes. When /style.css is requested, the rules in this file |
| 3 | are emitted first, followed by (1) page-specific CSS (if any) and |
| 4 | (2) skin-specific CSS. |
| 5 | */ |
| 6 | body { |
| 7 | z-index: 0 /* part of robot.c:robot_proofofwork() */; |
| 8 | } |
| 9 | div.sidebox { |
| 10 | float: right; |
| 11 | background-color: white; |
| 12 | border-width: medium; |
| 13 |
| --- src/default.css | |
| +++ src/default.css | |
| @@ -2,11 +2,11 @@ | |
| 2 | CSS classes. When /style.css is requested, the rules in this file |
| 3 | are emitted first, followed by (1) page-specific CSS (if any) and |
| 4 | (2) skin-specific CSS. |
| 5 | */ |
| 6 | body { |
| 7 | z-index: 0 /* Used by robot.c:robot_proofofwork() and href.js */; |
| 8 | } |
| 9 | div.sidebox { |
| 10 | float: right; |
| 11 | background-color: white; |
| 12 | border-width: medium; |
| 13 |
+15
-12
| --- src/href.js | ||
| +++ src/href.js | ||
| @@ -1,12 +1,12 @@ | ||
| 1 | 1 | /* As an anti-robot defense, <a> elements are initially coded with the |
| 2 | 2 | ** href= set to the honeypot, and <form> elements are initialized with |
| 3 | 3 | ** action= set to the login page. The real values for href= and action= |
| 4 | 4 | ** are held in data-href= and data-action=. The following code moves |
| 5 | 5 | ** data-href= into href= and data-action= into action= for all |
| 6 | -** <a> and <form> elements, after delay and maybe also after mouse | |
| 7 | -** movement is seen. | |
| 6 | +** <a> and <form> elements, after CSS has been loaded, and after a delay, | |
| 7 | +** and maybe also after mouse movement is seen. | |
| 8 | 8 | ** |
| 9 | 9 | ** Before sourcing this script, create a separate <script> element |
| 10 | 10 | ** (with type='application/json' to avoid Content Security Policy issues) |
| 11 | 11 | ** containing: |
| 12 | 12 | ** |
| @@ -18,20 +18,22 @@ | ||
| 18 | 18 | ** until the first mousedown event that occurs after the timer expires. |
| 19 | 19 | */ |
| 20 | 20 | var antiRobot = 0; |
| 21 | 21 | function antiRobotGo(){ |
| 22 | 22 | if( antiRobot!=3 ) return; |
| 23 | - antiRobot = 7; | |
| 24 | - var anchors = document.getElementsByTagName("a"); | |
| 25 | - for(var i=0; i<anchors.length; i++){ | |
| 26 | - var j = anchors[i]; | |
| 27 | - if(j.hasAttribute("data-href")) j.href=j.getAttribute("data-href"); | |
| 28 | - } | |
| 29 | - var forms = document.getElementsByTagName("form"); | |
| 30 | - for(var i=0; i<forms.length; i++){ | |
| 31 | - var j = forms[i]; | |
| 32 | - if(j.hasAttribute("data-action")) j.action=j.getAttribute("data-action"); | |
| 23 | + if( window.getComputedStyle(document.body).zIndex==='0' ){ | |
| 24 | + antiRobot = 7; | |
| 25 | + var anchors = document.getElementsByTagName("a"); | |
| 26 | + for(var i=0; i<anchors.length; i++){ | |
| 27 | + var j = anchors[i]; | |
| 28 | + if(j.hasAttribute("data-href")) j.href=j.getAttribute("data-href"); | |
| 29 | + } | |
| 30 | + var forms = document.getElementsByTagName("form"); | |
| 31 | + for(var i=0; i<forms.length; i++){ | |
| 32 | + var j = forms[i]; | |
| 33 | + if(j.hasAttribute("data-action")) j.action=j.getAttribute("data-action"); | |
| 34 | + } | |
| 33 | 35 | } |
| 34 | 36 | } |
| 35 | 37 | function antiRobotDefense(){ |
| 36 | 38 | var x = document.getElementById("href-data"); |
| 37 | 39 | var jx = x.textContent || x.innerText; |
| @@ -56,8 +58,9 @@ | ||
| 56 | 58 | antiRobotGo(); |
| 57 | 59 | }, g.delay) |
| 58 | 60 | }else{ |
| 59 | 61 | antiRobot |= 1; |
| 60 | 62 | } |
| 63 | + window.addEventListener('load',antiRobotGo); | |
| 61 | 64 | antiRobotGo(); |
| 62 | 65 | } |
| 63 | 66 | antiRobotDefense(); |
| 64 | 67 |
| --- src/href.js | |
| +++ src/href.js | |
| @@ -1,12 +1,12 @@ | |
| 1 | /* As an anti-robot defense, <a> elements are initially coded with the |
| 2 | ** href= set to the honeypot, and <form> elements are initialized with |
| 3 | ** action= set to the login page. The real values for href= and action= |
| 4 | ** are held in data-href= and data-action=. The following code moves |
| 5 | ** data-href= into href= and data-action= into action= for all |
| 6 | ** <a> and <form> elements, after delay and maybe also after mouse |
| 7 | ** movement is seen. |
| 8 | ** |
| 9 | ** Before sourcing this script, create a separate <script> element |
| 10 | ** (with type='application/json' to avoid Content Security Policy issues) |
| 11 | ** containing: |
| 12 | ** |
| @@ -18,20 +18,22 @@ | |
| 18 | ** until the first mousedown event that occurs after the timer expires. |
| 19 | */ |
| 20 | var antiRobot = 0; |
| 21 | function antiRobotGo(){ |
| 22 | if( antiRobot!=3 ) return; |
| 23 | antiRobot = 7; |
| 24 | var anchors = document.getElementsByTagName("a"); |
| 25 | for(var i=0; i<anchors.length; i++){ |
| 26 | var j = anchors[i]; |
| 27 | if(j.hasAttribute("data-href")) j.href=j.getAttribute("data-href"); |
| 28 | } |
| 29 | var forms = document.getElementsByTagName("form"); |
| 30 | for(var i=0; i<forms.length; i++){ |
| 31 | var j = forms[i]; |
| 32 | if(j.hasAttribute("data-action")) j.action=j.getAttribute("data-action"); |
| 33 | } |
| 34 | } |
| 35 | function antiRobotDefense(){ |
| 36 | var x = document.getElementById("href-data"); |
| 37 | var jx = x.textContent || x.innerText; |
| @@ -56,8 +58,9 @@ | |
| 56 | antiRobotGo(); |
| 57 | }, g.delay) |
| 58 | }else{ |
| 59 | antiRobot |= 1; |
| 60 | } |
| 61 | antiRobotGo(); |
| 62 | } |
| 63 | antiRobotDefense(); |
| 64 |
| --- src/href.js | |
| +++ src/href.js | |
| @@ -1,12 +1,12 @@ | |
| 1 | /* As an anti-robot defense, <a> elements are initially coded with the |
| 2 | ** href= set to the honeypot, and <form> elements are initialized with |
| 3 | ** action= set to the login page. The real values for href= and action= |
| 4 | ** are held in data-href= and data-action=. The following code moves |
| 5 | ** data-href= into href= and data-action= into action= for all |
| 6 | ** <a> and <form> elements, after CSS has been loaded, and after a delay, |
| 7 | ** and maybe also after mouse movement is seen. |
| 8 | ** |
| 9 | ** Before sourcing this script, create a separate <script> element |
| 10 | ** (with type='application/json' to avoid Content Security Policy issues) |
| 11 | ** containing: |
| 12 | ** |
| @@ -18,20 +18,22 @@ | |
| 18 | ** until the first mousedown event that occurs after the timer expires. |
| 19 | */ |
| 20 | var antiRobot = 0; |
| 21 | function antiRobotGo(){ |
| 22 | if( antiRobot!=3 ) return; |
| 23 | if( window.getComputedStyle(document.body).zIndex==='0' ){ |
| 24 | antiRobot = 7; |
| 25 | var anchors = document.getElementsByTagName("a"); |
| 26 | for(var i=0; i<anchors.length; i++){ |
| 27 | var j = anchors[i]; |
| 28 | if(j.hasAttribute("data-href")) j.href=j.getAttribute("data-href"); |
| 29 | } |
| 30 | var forms = document.getElementsByTagName("form"); |
| 31 | for(var i=0; i<forms.length; i++){ |
| 32 | var j = forms[i]; |
| 33 | if(j.hasAttribute("data-action")) j.action=j.getAttribute("data-action"); |
| 34 | } |
| 35 | } |
| 36 | } |
| 37 | function antiRobotDefense(){ |
| 38 | var x = document.getElementById("href-data"); |
| 39 | var jx = x.textContent || x.innerText; |
| @@ -56,8 +58,9 @@ | |
| 58 | antiRobotGo(); |
| 59 | }, g.delay) |
| 60 | }else{ |
| 61 | antiRobot |= 1; |
| 62 | } |
| 63 | window.addEventListener('load',antiRobotGo); |
| 64 | antiRobotGo(); |
| 65 | } |
| 66 | antiRobotDefense(); |
| 67 |