invidious-experimenting/src/invidious/views/token_manager.ecr
leonklingele 70cbe91776
Migrate to a good Content Security Policy (#1023)
So attacks such as XSS (see [0]) will no longer be an issue.

[0]: https://github.com/omarroth/invidious/issues/1022
2020-03-15 16:46:08 -05:00

<% content_for "header" do %>
<title><%= translate(locale, "Token manager") %> - Invidious</title>
<% end %>
<div class="pure-g h-box">
    <div class="pure-u-1-3">
        <h3>
            <%= translate(locale, "`x` tokens", %(<span id="count">#{tokens.size}</span>)) %>
        </h3>
    </div>
    <div class="pure-u-1-3"></div>
    <div class="pure-u-1-3" style="text-align:right">
        <h3>
            <a href="/preferences?referer=<%= URI.encode_www_form(referer) %>"><%= translate(locale, "Preferences") %></a>
        </h3>
    </div>
</div>
<% tokens.each do |token| %>
    <div class="h-box">
        <div class="pure-g<% if token[:session] == sid %> deleted <% end %>">
            <div class="pure-u-3-5">
                <h4 style="padding-left:0.5em">
                    <code><%= token[:session] %></code>
                </h4>
            </div>
            <div class="pure-u-1-5" style="text-align:center">
                <h4><%= translate(locale, "`x` ago", recode_date(token[:issued], locale)) %></h4>
            </div>
            <div class="pure-u-1-5" style="text-align:right">
                <h3 style="padding-right:0.5em">
                    <form data-onsubmit="return_false" action="/token_ajax?action_revoke_token=1&session=<%= token[:session] %>&referer=<%= env.get("current_page") %>" method="post">
                        <input type="hidden" name="csrf_token" value="<%= URI.encode_www_form(env.get?("csrf_token").try &.as(String) || "") %>">
                        <a data-onclick="revoke_token" data-session="<%= token[:session] %>" href="#">
                            <input style="all:unset" type="submit" value="<%= translate(locale, "revoke") %>">
                        </a>
                    </form>
                </h3>
            </div>
        </div>
        <% if tokens[-1].try &.[:session]? != token[:session] %>
            <hr>
        <% end %>
    </div>
<% end %>