diff --git a/README.md b/README.md
index 7c812d4..f5942fc 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ This small module is to help you add the [Women's Refuge Shielded Site button](h
 This code will help you add the shield to your SilverStripe website.
-Select the preferred size in your SiteConfig, and the `WomensRefugeShieldControllerExtension` will inject the necessary javascript and css in to your pages.
+Select the preferred size in your SiteConfig, and the `WomensRefugeShieldControllerExtension` will inject the necessary Javascript and CSS in to your pages.
 That's all there is to it.
@@ -26,6 +26,25 @@ Alternatively, you can include `$WomensRefugeShieldButton` anywhere in your temp
 ![Button in the footer](img/screenshots/button_in_footer.PNG?raw=true)
+## Security
+
+This module does allow Javascript from a third-party source, and as such should be treated with a level of caution. Theoretically, this could change at any time. As a result, a copy of the Javascript has been included in the module, which will be periodically updated when the remote script is.
+
+By default, the module will use the committed version of the Javascript. To authorise the use of the remote version, add the following to your site config:
+
+```yaml
+WomensRefugeShieldControllerExtension:
+ use_remote_js: true
+```
+
+We have spoken with the original authors of the script, and it has undergone security testing, in particular with regards to:
+
+- How well the site meets the objectives of being difficult to detect.
+- How secure the Shielded Site is.
+- Whether the inclusion of the Shielded Site introduces significant risk to sites it is hosted on.
+
+We are satisfied with this review, but each site is different and will have different requirements for you to consider.
+
 # Options
 You can view all the options on the [Women's Refuge Shielded Site website](https://shielded.co.nz/).
@@ -38,5 +57,5 @@ You can view all the options on the [Women's Refuge Shielded Site website](https # Special Thanks - Katie Elks for the inspiration! -- Simon Erkelens for the module Skeleton! +- Simon Erkelens for the module skeleton! - [Women's Refuge New Zealand](https://shielded.co.nz/) for the implementation! diff --git a/code/WomensRefugeShieldControllerExtension.php b/code/WomensRefugeShieldControllerExtension.php index 62fd5e9..3e24984 100644 --- a/code/WomensRefugeShieldControllerExtension.php +++ b/code/WomensRefugeShieldControllerExtension.php @@ -1,6 +1,5 @@ ShieldCode) { case 1: - Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js'); - Requirements::javascript($jsDir.'large_tab.js'); + $this->requireCoreJS(); + Requirements::javascript($this->jsDir . 'large_tab.js'); break; case 2: - Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js'); - Requirements::javascript($jsDir.'small_tab.js'); + $this->requireCoreJS(); + Requirements::javascript($this->jsDir . 'small_tab.js'); break; } } public function getWomensRefugeShieldButton() { + $this->requireCoreJS(); return $this->owner->renderWith('WomensRefugeShieldButton'); } + + protected function requireCoreJS() + { + if (Config::inst()->get(self::class, 'use_remote_js')) { + Requirements::javascript('https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js'); + } else { + Requirements::javascript($this->jsDir . 'k33spt.min.js'); + } + } } diff --git a/code/WomensRefugeShieldSiteConfigExtension.php b/code/WomensRefugeShieldSiteConfigExtension.php index 98c3b3f..8afb8b0 100644 --- a/code/WomensRefugeShieldSiteConfigExtension.php +++ b/code/WomensRefugeShieldSiteConfigExtension.php @@ -8,7 +8,6 @@ */ class WomensRefugeShieldSiteConfigExtension extends DataExtension { - private static $db = array( 'ShieldCode' => 'Int' ); 
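Review bot: In `requireCoreJS()`, the `use_remote_js` branch loads `k33spt.js` from the CloudFront host with no integrity pin, so whoever controls that path controls script on every page that carries the shield, and the method has no docblock warning an integrator of that. I would add one above it, for example `/** Loads the bundled core script by default; the remote copy is used only when use_remote_js is set and can change without notice. */`. The start of the class is not readable in this hunk, so I cannot see whether `use_remote_js` is declared; if it is not, `private static $use_remote_js = false;` would make the safe default explicit rather than relying on an unset config value. The bundled `k33spt.min.js` added in this commit still points at `sm.png` and `lg.png` on the same host, so the default mode reduces but does not remove the third-party dependency, which the README's Security section could state.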
@@ -16,11 +15,11 @@ class WomensRefugeShieldSiteConfigExtension extends DataExtension public function updateCMSFields(FieldList $fields) { $fields->addFieldToTab('Root.Main', - $selector = DropdownField::create('ShieldCode', 'Select the type of shield to display', [ - 1 => 'Large Tab', - 2 => 'Small Tab', - 3 => 'None', - ])); - $selector->setEmptyString('-- Choose your shield --'); + DropdownField::create('ShieldCode', 'Select the type of shield to display', [ + 1 => 'Large Tab', + 2 => 'Small Tab', + 3 => 'None', + ])->setEmptyString('-- Choose your shield --') + ); } } diff --git a/javascript/k33spt.min.js b/javascript/k33spt.min.js new file mode 100644 index 0000000..0d10934 --- /dev/null +++ b/javascript/k33spt.min.js @@ -0,0 +1 @@ +var ds07o6pcmkorn=function(e){var t=this;t.left=e.left||0,t.top=e.top||0,t.icon=e.iconSize||"big",t.smallIcon="https://d3f5l8ze0o4j2m.cloudfront.net/m87/sm.png",t.bigIcon="https://d3f5l8ze0o4j2m.cloudfront.net/m87/lg.png",t.elementId=e.openElementId||"",t.btn=function(){return'Enter the Shielded Site'},t.frame='',t.iconSize=function(e){return"big"===e?t.bigIcon:t.smallIcon},t.addButton=function(){document.body.insertAdjacentHTML("afterbegin",t.btn())},t.openFrame=function(e){e.preventDefault?e.preventDefault():e.returnValue=!1,t.modalEl.style.display="block",document.body.style.overflow="hidden",t.frameOpenerEl.style.opacity=0},t.closeFrame=function(e){e.preventDefault?e.preventDefault():e.returnValue=!1,document.body.removeAttribute("style"),t.modalEl.style.display="none",t.frameOpenerEl.style.opacity=1},t.init=function(){document.body.insertAdjacentHTML("afterbegin",t.frame),t.modalEl=document.getElementById("modal"),document.getElementById("frame-close").addEventListener("click",t.closeFrame),t.elementId?t.frameOpenerEl=document.querySelector(t.elementId):(t.addButton(),t.frameOpenerEl=document.getElementById("frame-opener")),t.frameOpenerEl.addEventListener("click",t.openFrame)}}; 
diff --git a/templates/WomensRefugeShieldButton.ss b/templates/WomensRefugeShieldButton.ss
index f30b066..d0e3661 100644
--- a/templates/WomensRefugeShieldButton.ss
+++ b/templates/WomensRefugeShieldButton.ss
@@ -1,4 +1,3 @@
-<% require javascript("https://d3f5l8ze0o4j2m.cloudfront.net/m87/k33spt.js") %>
 <% require javascript("womens-refuge-shield/javascript/button.js") %>
 <% require css("womens-refuge-shield/css/button.css") %>