medooze / swis Goto Github PK

• Elisa's screen resolution: 1280x1024
• Dave's screen resolution: 1440x900

Sergio, is this what you are developing for co-browsing or is it something else?

Just that, elements with display:fixed are not fixed when mirrored.

While the observer now removes all the scripts from the original page, this doesn't prevent a malware user to inject scripts on the reflector. We need to find a way to avoid that.

Most probable solution is to disable unknown locations in the CSP

cc/ @ibc

This makes no sense:

  "dependencies": {
    "bluebird": "~2.9.34",
    "body-parser": "~1.13.3",
    "cookie-parser": "~1.3.5",
    "cors": "~2.7.1",
    "debug": "~2.2.0",
    "express": "~4.13.3",
    "jade": "~1.11.0",
    "moment": "~2.10.6",
    "morgan": "~1.6.1",
    "pg": "~4.4.1",
    "ramda": "~0.17.1",
    "serve-favicon": "~2.3.0",
    "squel": "~4.1.0",
    "super-error": "~1.1.2"
  },

express as dependency of a browser library?

Both Reflector and Observer seem to send some data once stop() has been called on them. This basically fails because, at that point, the channel is closed.

Reflector.prototype.stop = function()
{
    //Clear timer (jic)
    clearTimeout (self.timer);
    //Free recording
    this.recorder  && this.recorder.close();
    //Stop painting
    this.paint(false);
    //Stop canvas
    this.canvas.close();
    //Stop higlhlighter
    this.highlighter.close();
    //Clean reverses
    this.reverse = {};
    this.map = new WeakMap();
    //Media rules
    this.mediarules = {};
    //Remove listener
    this.mirror.removeEventListener("mousemove",this.onmousemove,true);
    this.mirror.removeEventListener("selectionchange",this.onselectionchange,true);
    this.mirror.removeEventListener("submit",this.onsubmit,true);
    this.mirror.defaultView.removeEventListener("rsize",this.onresize,true);

};

The last line fails because this.mirror.defaultView is undefined.

When agent scrolls the webpage, user doesn't receive the scroll on his page (the other way works ok: when user scrolls the agent webpage is scrolled too)

Mirrored elements can have onclick, etc attributes that can execute JavaScript. Since the mirror runs in an iframe this may be "inoffensive", but I'm not 100% sure about that.

<body onmouseover="alert('MOUSE OVER')">lalalal</body>

For example that "works".

Self explanatory:

AFAIS the debug module is included.

What the agent (reflector) paints:

What the client (observers) gets:

The div the observer creates for placing the "paint" does not fit the height of the page, but just the height of the window.

Otherwise ugly things happen.

(...unless the website already has one).

This would prevent the user to leave the current page when clicking in a link.

Just to have it under consideration:

https://groups.google.com/forum/#!topic/discuss-webrtc/-b5F5fQRXME

When running swis Reflector a global window.onselectionchange is wrongly created.

Related code:

ibc @ibc-macbook in ~/eFace2Face/src/clientCore/node_modules/swis git:master* $ ack onselectionchange
lib/observer.js
714:    document.addEventListener("selectionchange", (this.onselectionchange = function(e) {
989:    document.removeEventListener("selectionchange", this.onselectionchange, true);

lib/reflector.js
428:        mirror.addEventListener("selectionchange", (this.onselectionchange = function(e) {
954:    this.mirror.removeEventListener("selectionchange",this.onselectionchange,true);

www/swis.js
4526:   document.addEventListener("selectionchange", (this.onselectionchange = function(e) {
4801:   document.removeEventListener("selectionchange", this.onselectionchange, true);
5241:       mirror.addEventListener("selectionchange", (this.onselectionchange = function(e) {
5767:   this.mirror.removeEventListener("selectionchange",this.onselectionchange,true);