search

unverbuggt / mkdocs-encryptcontent-plugin

A MkDocs plugin that encrypt/decrypt markdown content with AES
https://unverbuggt.github.io/mkdocs-encryptcontent-plugin/
MIT License
123 stars 15 forks source link

enable the execution of encrypted javascript code #30

Closed unverbuggt closed 1 year ago

unverbuggt commented 2 years ago

Hi,

in one of my projects I wanted to include small javscript code in an encrypted page which shouldn't be readable without knowing the password. So reload_js was not an option, besides it requires jquery which I do not use in my theme.

I made some small changes to find a script id and eval it on successful decryption: plugin.py

@@ -74,6 +74,7 @@ class encryptContentPlugin(BasePlugin):
         ('encrypted_something', config_options.Type(dict, default={})),
         ('search_index', config_options.Choice(('clear', 'dynamically', 'encrypted'), default='encrypted')),
         ('reload_scripts', config_options.Type(list, default=[])),
+        ('eval_script_id', config_options.Type(string_types, default='')),
         ('experimental', config_options.Type(bool, default=False)),
         # legacy features, doesn't exist anymore
         ('disable_cookie_protection', config_options.Type(bool, default=False)),
@@ -137,6 +138,7 @@ class encryptContentPlugin(BasePlugin):
             'default_expire_dalay': int(self.config['default_expire_dalay']),
             'encrypted_something': self.config['encrypted_something'],
             'reload_scripts': self.config['reload_scripts'],
+            'eval_script_id': self.config['eval_script_id'],
             'experimental': self.config['experimental']
         })
         return decrypt_js

decrypt-contents.tpl.js

@@ -182,6 +182,12 @@ function decrypt_action(password_input, encrypted_content, decrypted_content) {
             reload_js(reload_scripts[i]);
         }
         {%- endif %}
+        {% if eval_script_id != '' -%}
+        let eval_script = document.getElementById("{{ eval_script_id }}");
+        if (eval_script) {
+            eval(eval_script.innerHTML);
+        }
+        {%- endif %}
         return true
     } else {
         // create HTML element for the inform message

here is an example configuration: eval_script_id_example.zip It's a bit tricky, because if you simply declare a function it won't be usable by f.ex. onClick events. the function needs to be declared in a window.newfunction = function() { ... } style, but see the example.

I'll just leave it here as suggestion. It's probably not the most elegant way (because it is a bit tricky and required adjusting the javascript code) but i works for me. Another suggestion would be to rewrite the reload_js function not to use jquery.

CoinK0in commented 1 year ago

Regarding your remarks about this function, I haven't found any acceptable ways to do what you want. Using eval() may be the correct method, but... I don't want to use it.

I therefore decide not to implement your proposal for the moment (in the hope of finding something better). However, you can implement your reload function yourself, by using the new override default templates in Version 2.3.0.

unverbuggt commented 1 year ago

you are right, the use if eval is not a good practice. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/eval?retiredLocale=de#never_use_eval!