open-eid / chrome-token-signing

DEPRECATED Chrome and Firefox extension for signing with your eID on the web
https://github.com/open-eid/chrome-token-signing/wiki
GNU Lesser General Public License v2.1

Check content type of the page before Promise JS injection #76

Closed stanislav-degtjarjov closed 1 year ago

stanislav-degtjarjov commented 6 years ago

Because Chrome handles pages according to their content type, injecting the JavaScript into pages where JavaScript is disabled results in the script being inserted into the page as text.

Test page: https://www.w3.org/2001/XMLSchema-instance

Result image

Chrome version: Version 62.0.3202.94 (Official Build) (64-bit)

metsma commented 6 years ago

I cannot find any Google documentation saying that it is possible to filter by content type: https://developer.chrome.com/apps/manifest. We probably need to change the JS part so that it does not inject into the HTML.

matbcvo commented 1 year ago

We are having the same issue: this extension injects its JS code into our emails in the Mautic software while we edit email content or templates. This affects our email deliverability, because all outgoing emails from Mautic end up in the receiver's spam folder because of this JS code. We cannot even disable this extension in the Google Chrome browser; the solution would be to uninstall the eID software, which we do not want to do because we need to sign documents too. The raw message part below shows the injected script repeated three times inside `<head>`.

--_=_swift_1668510684_7119536567990e726f3ae2452431232c_=_
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><!DOCTYPE html><html lang=3D"en" xmlns=3D"http://www.w3.org/=
1999/xhtml" xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schema=
s-microsoft-com:office:office" class=3D" responsejs " style=3D""><head><scr=
ipt type=3D"text/javascript">// Promises=20
var _eid_promises =3D {};=20
// Turn the incoming message from extension=20
// into pending Promise resolving=20
window.addEventListener("message", function(event) {=20
    if(event.source !=3D=3D window) return;=20
    if(event.data.src &amp;amp;&amp;amp; (event.data.src =3D=3D=3D "backgro=
und.js")) {=20
        console.log("Page received: ");=20
        console.log(event.data);=20
        // Get the promise=20
        if(event.data.nonce) {=20
            var p =3D _eid_promises[event.data.nonce];=20
            // resolve=20
            if(event.data.result =3D=3D=3D "ok") {=20
                if(event.data.signature !=3D=3D undefined) {=20
                    p.resolve({hex: event.data.signature});=20
                } else if(event.data.version !=3D=3D undefined) {=20
                    p.resolve(event.data.extension + "/" + event.data.versi=
on);=20
                } else if(event.data.cert !=3D=3D undefined) {=20
                    p.resolve({hex: event.data.cert});=20
                } else {=20
                    console.log("No idea how to handle message");=20
                    console.log(event.data);=20
                }=20
            } else {=20
                // reject=20
                p.reject(new Error(event.data.result));=20
            }=20
            delete _eid_promises[event.data.nonce];=20
        } else {=20
            console.log("No nonce in event msg");=20
        }=20
    }=20
}, false);=20
=20
=20
function TokenSigning() {=20
    function nonce() {=20
        var val =3D "";=20
        var hex =3D "abcdefghijklmnopqrstuvwxyz0123456789";=20
        for(var i =3D 0; i &amp;lt; 16; i++) val +=3D hex.charAt(Math.floor=
(Math.random() * hex.length));=20
        return val;=20
    }=20
=20
    function messagePromise(msg) {=20
        return new Promise(function(resolve, reject) {=20
            // amend with necessary metadata=20
            msg["nonce"] =3D nonce();=20
            msg["src"] =3D "page.js";=20
            // send message=20
            window.postMessage(msg, "*");=20
            // and store promise callbacks=20
            _eid_promises[msg.nonce] =3D {=20
                resolve: resolve,=20
                reject: reject=20
            };=20
        });=20
    }=20
    this.getCertificate =3D function(options) {=20
        var msg =3D {type: "CERT", lang: options.lang, filter: options.filt=
er};=20
        console.log("getCertificate()");=20
        return messagePromise(msg);=20
    };=20
    this.sign =3D function(cert, hash, options) {=20
        var msg =3D {type: "SIGN", cert: cert.hex, hash: hash.hex, hashtype=
: hash.type, lang: options.lang, info: options.info};=20
        console.log("sign()");=20
        return messagePromise(msg);=20
    };=20
    this.getVersion =3D function() {=20
        console.log("getVersion()");=20
        return messagePromise({=20
            type: "VERSION"=20
        });=20
    };=20
}</script><script type=3D"text/javascript">// Promises=20
var _eid_promises =3D {};=20
// Turn the incoming message from extension=20
// into pending Promise resolving=20
window.addEventListener("message", function(event) {=20
    if(event.source !=3D=3D window) return;=20
    if(event.data.src &amp;amp;amp;amp;&amp;amp;amp;amp; (event.data.src =
=3D=3D=3D "background.js")) {=20
        console.log("Page received: ");=20
        console.log(event.data);=20
        // Get the promise=20
        if(event.data.nonce) {=20
            var p =3D _eid_promises[event.data.nonce];=20
            // resolve=20
            if(event.data.result =3D=3D=3D "ok") {=20
                if(event.data.signature !=3D=3D undefined) {=20
                    p.resolve({hex: event.data.signature});=20
                } else if(event.data.version !=3D=3D undefined) {=20
                    p.resolve(event.data.extension + "/" + event.data.versi=
on);=20
                } else if(event.data.cert !=3D=3D undefined) {=20
                    p.resolve({hex: event.data.cert});=20
                } else {=20
                    console.log("No idea how to handle message");=20
                    console.log(event.data);=20
                }=20
            } else {=20
                // reject=20
                p.reject(new Error(event.data.result));=20
            }=20
            delete _eid_promises[event.data.nonce];=20
        } else {=20
            console.log("No nonce in event msg");=20
        }=20
    }=20
}, false);=20
function TokenSigning() {=20
    function nonce() {=20
        var val =3D "";=20
        var hex =3D "abcdefghijklmnopqrstuvwxyz0123456789";=20
        for(var i =3D 0; i &amp;amp;amp;lt; 16; i++) val +=3D hex.charAt(Ma=
th.floor(Math.random() * hex.length));=20
        return val;=20
    }=20
    function messagePromise(msg) {=20
        return new Promise(function(resolve, reject) {=20
            // amend with necessary metadata=20
            msg["nonce"] =3D nonce();=20
            msg["src"] =3D "page.js";=20
            // send message=20
            window.postMessage(msg, "*");=20
            // and store promise callbacks=20
            _eid_promises[msg.nonce] =3D {=20
                resolve: resolve,=20
                reject: reject=20
            };=20
        });=20
    }=20
    this.getCertificate =3D function(options) {=20
        var msg =3D {type: "CERT", lang: options.lang, filter: options.filt=
er};=20
        console.log("getCertificate()");=20
        return messagePromise(msg);=20
    };=20
    this.sign =3D function(cert, hash, options) {=20
        var msg =3D {type: "SIGN", cert: cert.hex, hash: hash.hex, hashtype=
: hash.type, lang: options.lang, info: options.info};=20
        console.log("sign()");=20
        return messagePromise(msg);=20
    };=20
    this.getVersion =3D function() {=20
        console.log("getVersion()");=20
        return messagePromise({=20
            type: "VERSION"=20
        });=20
    };=20
}</script><script type=3D"text/javascript">// Promises=20
var _eid_promises =3D {};=20
// Turn the incoming message from extension=20
// into pending Promise resolving=20
window.addEventListener("message", function(event) {=20
    if(event.source !=3D=3D window) return;=20
    if(event.data.src &amp;amp;amp;amp;amp;&amp;amp;amp;amp;amp; (event.dat=
a.src =3D=3D=3D "background.js")) {=20
        console.log("Page received: ");=20
        console.log(event.data);=20
        // Get the promise=20
        if(event.data.nonce) {=20
            var p =3D _eid_promises[event.data.nonce];=20
            // resolve=20
            if(event.data.result =3D=3D=3D "ok") {=20
                if(event.data.signature !=3D=3D undefined) {=20
                    p.resolve({hex: event.data.signature});=20
                } else if(event.data.version !=3D=3D undefined) {=20
                    p.resolve(event.data.extension + "/" + event.data.versi=
on);=20
                } else if(event.data.cert !=3D=3D undefined) {=20
                    p.resolve({hex: event.data.cert});=20
                } else {=20
                    console.log("No idea how to handle message");=20
                    console.log(event.data);=20
                }=20
            } else {=20
                // reject=20
                p.reject(new Error(event.data.result));=20
            }=20
            delete _eid_promises[event.data.nonce];=20
        } else {=20
            console.log("No nonce in event msg");=20
        }=20
    }=20
}, false);=20
function TokenSigning() {=20
    function nonce() {=20
        var val =3D "";=20
        var hex =3D "abcdefghijklmnopqrstuvwxyz0123456789";=20
        for(var i =3D 0; i &amp;amp;amp;amp;lt; 16; i++) val +=3D hex.charA=
t(Math.floor(Math.random() * hex.length));=20
        return val;=20
    }=20
    function messagePromise(msg) {=20
        return new Promise(function(resolve, reject) {=20
            // amend with necessary metadata=20
            msg["nonce"] =3D nonce();=20
            msg["src"] =3D "page.js";=20
            // send message=20
            window.postMessage(msg, "*");=20
            // and store promise callbacks=20
            _eid_promises[msg.nonce] =3D {=20
                resolve: resolve,=20
                reject: reject=20
            };=20
        });=20
    }=20
    this.getCertificate =3D function(options) {=20
        var msg =3D {type: "CERT", lang: options.lang, filter: options.filt=
er};=20
        console.log("getCertificate()");=20
        return messagePromise(msg);=20
    };=20
    this.sign =3D function(cert, hash, options) {=20
        var msg =3D {type: "SIGN", cert: cert.hex, hash: hash.hex, hashtype=
: hash.type, lang: options.lang, info: options.info};=20
        console.log("sign()");=20
        return messagePromise(msg);=20
    };=20
    this.getVersion =3D function() {=20
        console.log("getVersion()");=20
        return messagePromise({=20
            type: "VERSION"=20
        });=20
    };=20
}</script>
    <title>
        [TEST] DE / BENELUX - AT / IT roundtrips, price: 1.32=E2=82=AC/km (=
empty and loaded)
    </title>
    <meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge" />
    <meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3DUTF-8=
" />
    <meta name=3D"viewport" content=3D"width=3Ddevice-width, initial-scale=
=3D1" />
    <link href=3D"https://fonts.googleapis.com/css?family=3DOpen+Sans:300,4=
00,500,700" rel=3D"stylesheet" type=3D"text/css" />
    <style type=3D"text/css">
        #outlook a {
            padding: 0;
        }
kristelmerilain commented 1 year ago

Thank you for the feedback. I will close this issue since the active development and management of the Token Signing component has ended due to the transition to the new web authentication and signing solution (Web eID). We are happy to accept your proposals in the new Web eID project repository: https://github.com/web-eid.