Improvements

* Correct typo in AUDIT.md
* New certification signature to release public singing key
* Use `about:blank` instead of `data:,` or `#` for dummy form actions
* Fix regression in iOS Safari (sometimes `FileReader` is unavailable)
  In lockdown mode, `FileReader` is unavailable but
  `Blob.prototype.arrayBuffer` is available.

AUDITING.md

@@ -113,7 +113,7 @@ initialisation vectors each time one is needed.
     which means that the `SubtleCrypto` API is not available. In those cases, this
     file is used to define those methods with an external implementation, provided
     by the top document. While this is necessary in these situations, it negates
-    some of isolation that a fully sandboxed environment would provide.
+    some of the isolation that a fully sandboxed environment would provide.
 -   **`src/lib/parseCmsData.ts`:** This file implements partial parsing of a CMS
     payload (used before decryption). It does not handle unprotected user data,
     but it receives user-supplied input that will ultimately be used to recover

assets/openpgp_signing_key.asc

@@ -7,6 +7,18 @@ CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC4AVasY/venT29AP9u1O1EEaIFmASF
 SWbvn/PN4skhKW1auBp5msUmiQKivwD+PPBoT1vBNDOTHtg85t5+exsmJuycFxJ1
 xZ2++XTPBQCIdQQQFggAHRYhBHrN/yLHc7dHXX6Qp/GI7f2A93QcBQJmgrveAAoJ
 EPGI7f2A93Qc8ekBAOS/oFHbGlN724MKKcvpUnaJeJPQJS+0IF7qlAIsN09HAQCI
-MJlQgpEAEBrpvNcrKSfBEGE7RhNZ6y/hS8OrStGAAQ==
-=P3T0
+MJlQgpEAEBrpvNcrKSfBEGE7RhNZ6y/hS8OrStGAAYkCMwQQAQoAHRYhBPinipKc
+cqRuI6UAFLOQEkLDMu6CBQJmg+/ZAAoJELOQEkLDMu6C4jIP/ifeyY8xHMQCAqu+
+EjBDVax/F7ZICRzksSMG4c5WzYvI1r31TgFQbbuy3FiD8mTdZwJH/7cOXkgrSSLK
+Wm1mwDz+LBNiPZg4dAcBb3VNoCr3dhe3vT/HgXKHjdpLkRSnYAmupF9CYIW/5MOg
+IaQU6ELhTTEk2iCOGgx43NOyXGkyIneaDMLw08mVxFE6x8luXnpdgtkT19SPOmKK
++Uss94QqjoDMyKTWbEmqKtJE/gY161lbBPxwDpmPmoytTkPFwW6Q0ar18HcRq3Zz
+NlsfUgTJEiADNnuj0SCIxwfint6kPjkbWT8eb60OAPRb1uRMQB9eKRSzFZXr5pih
+W8v74vvFGMWp08V6yyOsYVnbw+HgeRTR317V2SEstB3FV5MwFKc5bHEnR7qZ7ECR
+hEgQzrmofMy4mFZA8ds7IgxBdKFH4uV8I10xsqt37J72PyBhZvFr5Vh0oRO8i/lR
+DnMjdDzebFqxmlA3pD21tjvtW4vp4myirwvBUgdojrC4W3uSQU9fPxppj5qu45W6
+28KJ6xjrpxzk77kn+xzzHBmsjqkV2x7VokCneILSBlXm4EzSLb7bbIStjA5fm3Lr
+6zctbvcXDwTuDQ4FHzgJ3D238xEWSkfvdZAX6ql9sZjOtaTpTW+oCoKa6dV97krX
+DnriebPUPLX8F/ix4EqGWwr5HuCg
+=qSTz
 -----END PGP PUBLIC KEY BLOCK-----

package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@exact-realty/cms-ep-sfx",
-	"version": "1.0.13",
+	"version": "1.0.14",
 	"description": "Secure File Sharing Utility",
 	"type": "module",
 	"main": "-",

src/components/FullScreenModal.svelte

@@ -30,7 +30,7 @@
 				<form
 					class="fullscreenmodal-form"
 					method="dialog"
-					action="data:,"
+					action="about:blank"
 				>
 					<button class="fullscreenmodal-dismiss" type="submit">
 						<span class="sr-only">Close</span>

src/lib/blobToBuffer.ts

@@ -0,0 +1,37 @@
+/* Copyright © 2024 Exact Realty Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License") with LLVM
+ * exceptions; you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://llvm.org/foundation/relicensing/LICENSE.txt
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const blobToBuffer_ = (blob: Blob) => {
+	if (typeof blob.arrayBuffer === 'function') {
+		// More modern API, it also works on iOS Safari in lockdown mode
+		return blob.arrayBuffer();
+	} else if (typeof FileReader === 'function') {
+		// Older and more widely-supported API
+		return new Promise<ArrayBuffer>((resolve, reject) => {
+			const fileReader = new FileReader();
+			fileReader.onerror = () => {
+				reject(fileReader.error);
+			};
+			fileReader.onload = () => {
+				resolve(fileReader.result as ArrayBuffer);
+			};
+			fileReader.readAsArrayBuffer(blob);
+		});
+	} else {
+		throw new Error('Unable to read file contents');
+	}
+};
+
+export default blobToBuffer_;

src/lib/generateHtml.ts

@@ -70,7 +70,7 @@ export const tbsPayload_ = async (
 		// `frame-ancestors` isn't supported as http-equiv and it causes issues
 		// with WebKit.
 		// `form-action data:` is so that form action=modal works
-		` content="default-src 'none'; script-src 'self' 'unsafe-eval' blob: data:; script-src-elem blob: data: '${fallbackMessage.sri}' '${loader.sri}' '${mainScriptTextSriDigest}'; script-src-attr 'none'; style-src data: '${cssTextSriDigest}'; child-src blob:; connect-src blob: data:; frame-src blob:; worker-src blob:; form-action data:"` +
+		` content="default-src 'none'; script-src 'self' 'unsafe-eval' blob: data:; script-src-elem blob: data: '${fallbackMessage.sri}' '${loader.sri}' '${mainScriptTextSriDigest}'; script-src-attr 'none'; style-src data: '${cssTextSriDigest}'; child-src blob:; connect-src blob: data:; frame-src blob:; worker-src blob:; form-action about:"` +
 		'/>' +
 		`<title>HTML CMS Tool</title>` +
 		`<script src="data:text/javascript;base64,${encodeURIComponent(fallbackMessage.contentBase64)}" integrity="${xmlEscapeAttr(fallbackMessage.sri)}" crossorigin="anonymous">` +

src/pages/decrypt.svelte

@@ -359,7 +359,7 @@
 				on:submit|preventDefault={handleFormSubmit}
 				on:reset={handleFormReset}
 				aria-busy={working ? 'true' : 'false'}
-				action="#"
+				action="about:blank"
 				method="POST"
 				rel={blob instanceof Blob ? '' : 'next'}
 			>

src/pages/encrypt.svelte

@@ -26,6 +26,7 @@
 	import ErrorModal from '~/components/ErrorModal.svelte';
 	import Loading from '~/components/Loading.svelte';
 	import EFormFields from '~/lib/EFormFields.js';
+	import blobToBuffer from '~/lib/blobToBuffer.js';
 	import downloadArchive from '~/lib/downloadArchive.js';
 	import {
 		ENCRYPT_DROPZONE_ELEMENT_ID_,
@@ -276,16 +277,7 @@
 				? parseInt(_userIterationCount[1])
 				: defaultIterationCount;
 
-			const buffer = await new Promise<ArrayBuffer>((resolve, reject) => {
-				const fileReader = new FileReader();
-				fileReader.onerror = () => {
-					reject(fileReader.error);
-				};
-				fileReader.onload = () => {
-					resolve(fileReader.result as ArrayBuffer);
-				};
-				fileReader.readAsArrayBuffer(_file);
-			});
+			const buffer = await blobToBuffer(_file);
 
 			if (
 				typeof cmsSandbox !== 'function' ||

src/utils/server.ts

@@ -34,7 +34,7 @@ const server = http.createServer((req, res) => {
 			['content-type', 'text/html; charset=UTF-8'],
 			[
 				'content-security-policy',
-				"default-src 'none'; script-src 'self' 'unsafe-eval' blob: data:; script-src-elem blob: data:; script-src-attr 'none'; style-src data:; child-src blob:; connect-src blob: data:; frame-src blob:; worker-src blob:; frame-ancestors 'self'; form-action 'self' data:",
+				"default-src 'none'; script-src 'self' 'unsafe-eval' blob: data:; script-src-elem blob: data:; script-src-attr 'none'; style-src data:; child-src blob:; connect-src blob: data:; frame-src blob:; worker-src blob:; frame-ancestors 'self'; form-action 'self' about:",
 			],
 			[
 				'permissions-policy',