Rename Safe mode to Restricted mode #1259 (#1265)
Jaifroid authored Jul 9, 2024
1 parent 9621ea9 commit 77407af
Showing 8 changed files with 111 additions and 111 deletions.
10 changes: 5 additions & 5 deletions README.md
Expand Up @@ -48,7 +48,7 @@ viewable (if at all). Our sister app https://pwa.kiwix.org has some further supp
Be sure to get your ZIM archives only from a secure source, such as the official Kiwix library. This is because ZIM archives can run dynamic code in your browser. While
we do our best to sandbox the ZIM's content, a detemined malicious ZIM could remove the sandbox and redirect the iframe to, say, a phishing Web site. For this reason
we now show a Security Warning when you open a ZIM with dynamic content in ServiceWorker mode for the first time. If you do not trust the source of the ZIM, and wish to
browser static content safely, then open the ZIM first in Safe Mode before deciding whether to switch to ServiceWorker Mode.
browser static content safely, then open the ZIM first in Restricted Mode before deciding whether to switch to ServiceWorker Mode.

## Compatibility
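Review bot: The rewritten sentence still says "wish to browser static content safely", which should be "browse", and "detemined" two lines above it is also misspelled. This paragraph is the README's security guidance for ZIMs from untrusted sources, so since the line is being edited for the rename anyway, fix both typos in the same change.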

Expand All @@ -60,7 +60,7 @@ would suggest that you upgrade to a browser that supports Service Workers (Chrom
### Officially supported platforms

- <img src="images/firefoxbrowser-color.svg" width="20" /> Mozilla Firefox >=56 (as an extension): [Mozilla Add-ons Store](https://addons.mozilla.org/firefox/addon/kiwix-offline/)
+ Firefox 52-56 and ESR version 58: Limited support (Safe mode only)
+ Firefox 52-56 and ESR version 58: Limited support (Restricted mode only)
- Chromium / Chrome / Edge >= 88 (as a Manifest V3 extension):
+ <img src="images/googlechrome-color.svg" width="20" /> Google Chrome >=88: [Chrome Web Store](https://chrome.google.com/webstore/detail/kiwix/donaljnlmapmngakoipdmehbfcioahhk)
+ <img src="images/microsoftedge-color.svg" width="20" /> Microsoft Edge >=88: [Edge Add-ons Store](https://microsoftedge.microsoft.com/addons/detail/kiwix/jlepddlenlljlnnhjinfaciabanbnjbp)
Expand All @@ -76,8 +76,8 @@ These platforms/browsers are deprecated. We still partially test against them, a

- Firefox OS >=1.2: needs to be installed manually on the device with WebIDE
- Microsoft Edge Legacy >=17: no extension available, but bookmark https://browser-extension.kiwix.org or https://pwa.kiwix.org
- Microsoft Edge Legacy 15-16: needs to run a bundled version of the source code in Safe mode only
- Microsoft Internet Explorer 11: needs to run a bundled version of the source code in Safe mode only
- Microsoft Edge Legacy 15-16: needs to run a bundled version of the source code in Restricted mode only
- Microsoft Internet Explorer 11: needs to run a bundled version of the source code in Restricted mode only

**_You can build a bundled version by running `npm install` and `npm run build` in the root directory of this repo._** Alternatively, a bundled version is served
as a web app for testing from https://kiwix.github.io/kiwix-js/dist/ (also available on the `gh-pages` branch of this repo, under `/dist`).
Expand Down Expand Up @@ -111,7 +111,7 @@ for security reasons. In both cases we offer a functional workaround (an offline
- "ServiceWorkerLocal" mode is a restricted ServiceWorker mode that is available only in Chromium extensions running fully locally. Chromium
extensions running locally block (by design) a lot of dynamic content such as inline JavaScript and `eval`, which means this mode won't work
with some modern dynamic content, and in particular, it won't work with Zimit-based archives (if you open one of these in this mode, you
will be thrown back to Safe mode in order to view static content). However, this mode is useful if you cannot access the offline-first PWA,
will be thrown back to Restricted mode in order to view static content). However, this mode is useful if you cannot access the offline-first PWA,
and should work with most official Kiwix ZIM archives;
- "Safe" mode prevents running attached scripts in the iframe, and so is useful for checking the contents of a ZIM before deciding it is safe
to run. This mode also works in browsers that do not support Service Workers. It parses the DOM to find the HTML tags of the dependencies and
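Review bot: The rename is incomplete in this list. The ServiceWorkerLocal bullet now says the user is "thrown back to Restricted mode", but the next bullet, which is the one that defines the mode, still begins `- "Safe" mode prevents running attached scripts in the iframe`. Change that to "Restricted" so the README does not define the mode under the name the rest of this commit removes.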
50 changes: 25 additions & 25 deletions i18n/en.jsonp.js

Large diffs are not rendered by default.

54 changes: 27 additions & 27 deletions i18n/es.jsonp.js

Large diffs are not rendered by default.

48 changes: 24 additions & 24 deletions i18n/fr.jsonp.js

Large diffs are not rendered by default.

28 changes: 14 additions & 14 deletions www/index.html
Expand Up @@ -141,7 +141,7 @@ <h2 id="contents">
<ul>
<li><a href="#format" data-i18n="about-zim-format">ZIM archive format</a></li>
<li><a href="#FAT" data-i18n="about-fat-fs">Downloading and storing large archives</a></li>
<li><a href="#modes" data-i18n="about-contentinjection-modes">ServiceWorker and Safe modes</a></li>
<li><a href="#modes" data-i18n="about-contentinjection-modes">ServiceWorker and Restricted modes</a></li>
</ul>
</li>
<li><a href="#feedback" data-i18n="about-feedback">Feedback/helping/contributing</a></li>
Expand Down Expand Up @@ -290,7 +290,7 @@ <h4 id="format" data-i18n="about-zim-format">ZIM archive format</h4>
</p>
<p data-i18n="about-zim-format-para2">
This application is now fully compatible with archives that are created by <b>Zimit</b> (<a href="https://youzim.it" target="_blank">https://youzim.it&nbsp;<img src="img/Icon_External_Link.png" /></a>)
using the Web Archive (WARC) format, so long as your browser supports ServiceWorker mode. If you can only use Safe mode (or ServiceWorkerLocal), we do
using the Web Archive (WARC) format, so long as your browser supports ServiceWorker mode. If you can only use Restricted mode (or ServiceWorkerLocal), we do
our best to show you the static content of the requested article (no JavaScript can run in this mode). This will work for some basic static sites, but many will look broken.
Search for content in the usual way.
</p>
Expand All @@ -316,10 +316,10 @@ <h4 id="FAT" data-i18n="about-fat-fs">Downloading and storing large archives</h4
</p>
<p style="text-align: right"><a href="#contents" data-i18n="about-back-contents">↑ Back to Contents</a></p>

<h4 id="modes" data-i18n="about-contentinjection-modes">ServiceWorker and Safe modes</h4>
<h4 id="modes" data-i18n="about-contentinjection-modes">ServiceWorker and Restricted modes</h4>
<p>
<span data-i18n="about-contentinjection-para1">Depending on your browser or framework, this app may be capable of running in
different modes, which we call "ServiceWorker Mode" and "Safe Mode". There is a toggle under Compatibility Settings in
different modes, which we call "ServiceWorker Mode" and "Restricted Mode". There is a toggle under Compatibility Settings in
Configuration that allows you to select between these. Here is a technical explanation of what these modes do:</span>
<ul>
<li data-i18n="about-contentinjection-para2">
Expand All @@ -328,7 +328,7 @@ <h4 id="modes" data-i18n="about-contentinjection-modes">ServiceWorker and Safe m
the browser or framework's Fetch calls (network requests) and supplying the requested content from the ZIM. In this
mode, the content is read and supplied as-is from the archive to the browser. Dynamic content (e.g. JavaScript) and
proprietary UIs are fully supported in this mode. This mode can feel initially a little
slower than Safe mode until commonly used assets are cached, but it soon equals Safe mode in speed, at least in
slower than Restricted mode until commonly used assets are cached, but it soon equals Restricted mode in speed, at least in
modern browsers. However, older browsers such as IE11 are incompatible with this mode, and the app must be running
in a secure context (<code>https:</code>, <code>localhost</code>, or certain browser extensions). While this mode is
not natively supported in Mozilla (Firefox) browser extensions, we provide a functional workaround by re-launching
Expand All @@ -343,7 +343,7 @@ <h4 id="modes" data-i18n="about-contentinjection-modes">ServiceWorker and Safe m
are protected from inline code execution at the cost of loss of some features in dynamic ZIMs.
</li>
<li data-i18n="about-contentinjection-para4">
<b>Safe Mode</b>: This mode prevents attached scripts from running in the iframe, so it is useful for checking the static
<b>Restricted Mode</b>: This mode prevents attached scripts from running in the iframe, so it is useful for checking the static
content of a ZIM before you allow scripts to run. It is also compatible with older browsers or frameworks that cannot run
Service Workers.The mode has limitations which
mean that only static content can be displayed, such as that found in Wikipedia / WikiMedia archives and (for now)
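Review bot: In the renamed bullet, the sentence break "Service Workers.The mode has limitations" is missing a space after the full stop. This is the user-facing definition of Restricted Mode, so correct it while the item is being edited, and apply the same fix to the `about-contentinjection-para4` string in the i18n files if they carry it (their diffs are not rendered here).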
Expand Down Expand Up @@ -498,7 +498,7 @@ <h2 data-i18n="configure-title">Configuration</h2>
</label>
</span>
<br />
<strong id="jqueryCompatibility" data-i18n="configure-static-content">Only ZIMs with static content (e.g. Wiki-style) are supported in Safe mode.<br /></strong>
<strong id="jqueryCompatibility" data-i18n="configure-static-content">Only ZIMs with static content (e.g. Wiki-style) are supported in Restricted mode.<br /></strong>
<span data-i18n="configure-supportedarchives">For information on ZIM compatibility, see</span> <a href="#usage" data-i18n="configure-about-usage-link" class="aboutLinks">About (Usage)</a>.<br />
</div>
<div id="scanningForArchives" style="display: none;">
Expand Down Expand Up @@ -634,7 +634,7 @@ <h3 data-i18n="configure-performance-settings-title">Performance / compatibility
<label data-i18n-tip="configure-previews-tip" title="Shows a small popup preview of Wikipedia and Wikivoyage articles when the pointer is hovered over an article link. Turn this off if it is too slow or interferes wtih display of articles on small-screen devices.">
<input type="checkbox" name="showPopoverPreviews" id="showPopoverPreviewsCheck" checked>
<span data-i18n="configure-previews">
<b>Show a popover preview of <i>Wikipedia / Wkivoyage</i> articles</b> when hovering over links (<i>limited functionality in Safe Mode</i>)
<b>Show a popover preview of <i>Wikipedia / Wkivoyage</i> articles</b> when hovering over links (<i>limited functionality in Restricted Mode</i>)
</span>
</label>
</div>
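Review bot: The edited span text still reads "Wkivoyage" (should be "Wikivoyage"), and the `title` tooltip on the label above it has "wtih" for "with". Both are on lines this hunk shows, so fix them with the rename and check the matching `configure-previews` entries in the i18n files, whose diffs are not rendered here.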
Expand All @@ -652,21 +652,21 @@ <h3 data-i18n="configure-performance-settings-title">Performance / compatibility
<label data-i18n-tip="configure-compatibility-option-serviceworker-tip" title="This mode requires that the browser or framework be capable of installing a Service Worker. It enables dynamic ZIM content and running JavaScript (including inline JS). It works by intercepting the browser's Fetch calls and supplying the requested content from the ZIM.">
<input type="radio" name="contentInjectionMode" value="serviceworker"
id="serviceworkerModeRadio">
<span data-i18n="configure-compatibility-option-serviceworker"><strong>ServiceWorker</strong> (<i>recommended</i>, supports dynamic content and inline JavaScript)</span>
<span data-i18n="configure-compatibility-option-serviceworker"><strong>ServiceWorker Mode</strong> (<i>recommended</i>, supports dynamic content and inline JavaScript)</span>
</label>
</div>
<div id="serviceWorkerLocal" class="radio">
<label data-i18n-tip="configure-compatibility-option-serviceworkerlocal-tip" title="[For Chromium extensions only:] This mode runs the Service Worker in a secure local sandbox, and does not need one-time access to our PWA server. However, due to the strong security restrictions in the API, it is not capable of running inline JavaScript, so dynamic ZIM content may fail.">
<input type="radio" name="contentInjectionMode" value="serviceworkerlocal"
id="serviceworkerLocalModeRadio">
<span data-i18n="configure-compatibility-option-serviceworkerlocal"><strong>ServiceWorkerLocal</strong> (secure local Service Worker, but <i>no inline JavaScript</i>)</span>
<span data-i18n="configure-compatibility-option-serviceworkerlocal"><strong>ServiceWorkerLocal Mode</strong> (secure local Service Worker, but <i>no inline JavaScript</i>)</span>
</label>
</div>
<div class="radio">
<label data-i18n-tip="configure-compatibility-option-jquery-tip" title="This mode cannot run dynamic ZIM files. However, static ZIM archives like Wikipedia / Wikimedia should work fine.">
<input type="radio" name="contentInjectionMode" value="jquery"
id="jqueryModeRadio" checked>
<span data-i18n="configure-compatibility-option-jquery"><strong>Safe Mode</strong>(No dynamic content, compatible with older browsers)</span>
<span data-i18n="configure-compatibility-option-jquery"><strong>Restricted Mode</strong>(No dynamic content, compatible with older browsers)</span>
</label>
</div>
</div>
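Review bot: In the third radio label, `<strong>Restricted Mode</strong>(No dynamic content, ...` has no space before the opening parenthesis, unlike the ServiceWorker and ServiceWorkerLocal labels edited just above it; add the space. The control keeps `value="jquery"`, `id="jqueryModeRadio"` and the `configure-compatibility-option-jquery` key, which is reasonable for stored-setting compatibility, but a short HTML comment noting that "jquery" is the internal name for Restricted Mode would help the next reader. The three `title` tooltips are unchanged, so the first two still do not use the new "... Mode" wording of their labels.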
Expand Down Expand Up @@ -694,7 +694,7 @@ <h3 data-i18n="configure-expert-settings-title">Expert settings</h3>
<div data-i18n="configure-expert-panel-header" class="card-header">Troubleshooting and development</div>
<div class="card-body">
<div class="checkbox">
<label data-i18n-tip="configure-expert-hideactivecontentwarning-tip" title="A warning is shown if you load a ZIM that has active or dynamic content while you are in Safe mode. It is not recommended to disable this warning.">
<label data-i18n-tip="configure-expert-hideactivecontentwarning-tip" title="A warning is shown if you load a ZIM that has active or dynamic content while you are in Restricted mode. It is not recommended to disable this warning.">
<input type="checkbox" name="hideActiveContentWarning"
id="hideActiveContentWarningCheck">
<span data-i18n="configure-expert-hideactivecontentwarning"><strong>Permanently hide active content warning</strong> (for
Expand All @@ -715,7 +715,7 @@ <h3 data-i18n="configure-expert-settings-title">Expert settings</h3>
</label>
</div>
<div class="checkbox" id="enableSourceVerificationCheckBox">
<label data-i18n-tip="configure-expert-enable-source-verification-tip" title="Warning: Some ZIM archives from untrusted sources could run malicious code in your browser. This can be prevented by using Safe mode, which cannot run active content from the ZIM. Highly dynamic ZIMs will probably fail in Safe mode, but ZIMs with largely static content should work. If you trust the source of all of your ZIMs, then disabling this option will use ServiceWorker mode by default, if available.">
<label data-i18n-tip="configure-expert-enable-source-verification-tip" title="Warning: Some ZIM archives from untrusted sources could run malicious code in your browser. This can be prevented by using Restricted mode, which cannot run active content from the ZIM. Highly dynamic ZIMs will probably fail in Restricted mode, but ZIMs with largely static content should work. If you trust the source of all of your ZIMs, then disabling this option will use ServiceWorker mode by default, if available.">
<input type="checkbox" name="disableFileVerification" id="enableSourceVerification" >
<span data-i18n="configure-expert-enable-source-verification-check-box"><strong>Enable source verification of new files</strong> (<i>recommended</i>: you will only be prompted the first time you open a ZIM)</span>
</label>
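Review bot: On the input directly under the edited tooltip, `name="disableFileVerification"` and `id="enableSourceVerification"` have opposite polarity, and the tooltip itself explains the setting in terms of "disabling this option". For a control that decides whether untrusted ZIMs open in Restricted mode or ServiceWorker mode, that makes it easy to misread which state is the protective one. Consider aligning the name with the id in a follow-up, and state in the tooltip what the checked state does.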
Expand Down Expand Up @@ -783,7 +783,7 @@ <h3 data-i18n="configure-expert-settings-title">Expert settings</h3>
<div id="activeContent" style="display:none;" class="kiwix-alert alert alert-warning alert-dismissible fade show">
<button type="button" class="close" data-hide="alert">&times;</button>
<strong data-i18n="alert-activecontentwarning-title">Unable to display active content:</strong>
<span data-i18n="alert-activecontentwarning-part1">This ZIM is not fully supported in Safe mode.<br />
<span data-i18n="alert-activecontentwarning-part1">This ZIM is not fully supported in Restricted mode.<br />
Content may be available by clicking search button above (or type a letter of the alphabet), or else</span>
<a id="swModeLink" data-i18n="alert-activecontentwarning-part2" href="#contentInjectionModeDiv" class="alert-link">switch to ServiceWorker mode</a>
<span data-i18n="alert-activecontentwarning-part3">if your platform supports it.</span>&nbsp;