From f684dea1a07f53fb967d3c7aed7dd5ffc31515b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ricardo=20Iv=C3=A1n=20Vieitez=20Parra?=
 <3857362+corrideat@users.noreply.github.com>
Date: Sat, 6 Jul 2024 14:38:08 +0000
Subject: [PATCH] Improvements

* Correct typo in AUDIT.md
* New certification signature to release public singing key
* Use `about:blank` instead of `data:,` or `#` for dummy form actions
* Fix regression in iOS Safari (sometimes `FileReader` is unavailable)
  In lockdown mode, `FileReader` is unavailable but
  `Blob.prototype.arrayBuffer` is available.
---
 AUDITING.md                           |  2 +-
 assets/openpgp_signing_key.asc        | 16 ++++++++++--
 package-lock.json                     |  4 +--
 package.json                          |  2 +-
 src/components/FullScreenModal.svelte |  2 +-
 src/lib/blobToBuffer.ts               | 37 +++++++++++++++++++++++++++
 src/lib/generateHtml.ts               |  2 +-
 src/pages/decrypt.svelte              |  2 +-
 src/pages/encrypt.svelte              | 12 ++-------
 src/utils/server.ts                   |  2 +-
 10 files changed, 61 insertions(+), 20 deletions(-)
 create mode 100644 src/lib/blobToBuffer.ts

diff --git a/AUDITING.md b/AUDITING.md
index ae3b1fd..8284959 100644
--- a/AUDITING.md
+++ b/AUDITING.md
@@ -113,7 +113,7 @@ initialisation vectors each time one is needed.
     which means that the `SubtleCrypto` API is not available. In those cases, this
     file is used to define those methods with an external implementation, provided
     by the top document. While this is necessary in these situations, it negates
-    some of isolation that a fully sandboxed environment would provide.
+    some of the isolation that a fully sandboxed environment would provide.
 -   **`src/lib/parseCmsData.ts`:** This file implements partial parsing of a CMS
     payload (used before decryption). It does not handle unprotected user data,
     but it receives user-supplied input that will ultimately be used to recover
diff --git a/assets/openpgp_signing_key.asc b/assets/openpgp_signing_key.asc
index cbaaaa4..0056f93 100644
--- a/assets/openpgp_signing_key.asc
+++ b/assets/openpgp_signing_key.asc
@@ -7,6 +7,18 @@ CQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC4AVasY/venT29AP9u1O1EEaIFmASF
 SWbvn/PN4skhKW1auBp5msUmiQKivwD+PPBoT1vBNDOTHtg85t5+exsmJuycFxJ1
 xZ2++XTPBQCIdQQQFggAHRYhBHrN/yLHc7dHXX6Qp/GI7f2A93QcBQJmgrveAAoJ
 EPGI7f2A93Qc8ekBAOS/oFHbGlN724MKKcvpUnaJeJPQJS+0IF7qlAIsN09HAQCI
-MJlQgpEAEBrpvNcrKSfBEGE7RhNZ6y/hS8OrStGAAQ==
-=P3T0
+MJlQgpEAEBrpvNcrKSfBEGE7RhNZ6y/hS8OrStGAAYkCMwQQAQoAHRYhBPinipKc
+cqRuI6UAFLOQEkLDMu6CBQJmg+/ZAAoJELOQEkLDMu6C4jIP/ifeyY8xHMQCAqu+
+EjBDVax/F7ZICRzksSMG4c5WzYvI1r31TgFQbbuy3FiD8mTdZwJH/7cOXkgrSSLK
+Wm1mwDz+LBNiPZg4dAcBb3VNoCr3dhe3vT/HgXKHjdpLkRSnYAmupF9CYIW/5MOg
+IaQU6ELhTTEk2iCOGgx43NOyXGkyIneaDMLw08mVxFE6x8luXnpdgtkT19SPOmKK
++Uss94QqjoDMyKTWbEmqKtJE/gY161lbBPxwDpmPmoytTkPFwW6Q0ar18HcRq3Zz
+NlsfUgTJEiADNnuj0SCIxwfint6kPjkbWT8eb60OAPRb1uRMQB9eKRSzFZXr5pih
+W8v74vvFGMWp08V6yyOsYVnbw+HgeRTR317V2SEstB3FV5MwFKc5bHEnR7qZ7ECR
+hEgQzrmofMy4mFZA8ds7IgxBdKFH4uV8I10xsqt37J72PyBhZvFr5Vh0oRO8i/lR
+DnMjdDzebFqxmlA3pD21tjvtW4vp4myirwvBUgdojrC4W3uSQU9fPxppj5qu45W6
+28KJ6xjrpxzk77kn+xzzHBmsjqkV2x7VokCneILSBlXm4EzSLb7bbIStjA5fm3Lr
+6zctbvcXDwTuDQ4FHzgJ3D238xEWSkfvdZAX6ql9sZjOtaTpTW+oCoKa6dV97krX
+DnriebPUPLX8F/ix4EqGWwr5HuCg
+=qSTz
 -----END PGP PUBLIC KEY BLOCK-----
diff --git a/package-lock.json b/package-lock.json
index 33ec095..44dc171 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
 	"name": "@exact-realty/cms-ep-sfx",
-	"version": "1.0.13",
+	"version": "1.0.14",
 	"lockfileVersion": 3,
 	"requires": true,
 	"packages": {
 		"": {
 			"name": "@exact-realty/cms-ep-sfx",
-			"version": "1.0.13",
+			"version": "1.0.14",
 			"license": "Apache-2.0 WITH LLVM-exception",
 			"devDependencies": {
 				"@exact-realty/asn1-der": "^1.0.1",
diff --git a/package.json b/package.json
index 2e05a6e..5f9dbbf 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "@exact-realty/cms-ep-sfx",
-	"version": "1.0.13",
+	"version": "1.0.14",
 	"description": "Secure File Sharing Utility",
 	"type": "module",
 	"main": "-",
diff --git a/src/components/FullScreenModal.svelte b/src/components/FullScreenModal.svelte
index e1b44e1..066bdea 100644
--- a/src/components/FullScreenModal.svelte
+++ b/src/components/FullScreenModal.svelte
@@ -30,7 +30,7 @@
 				<form
 					class="fullscreenmodal-form"
 					method="dialog"
-					action="data:,"
+					action="about:blank"
 				>
 					<button class="fullscreenmodal-dismiss" type="submit">
 						<span class="sr-only">Close</span>
diff --git a/src/lib/blobToBuffer.ts b/src/lib/blobToBuffer.ts
new file mode 100644
index 0000000..dbe1a0f
--- /dev/null
+++ b/src/lib/blobToBuffer.ts
@@ -0,0 +1,37 @@
+/* Copyright © 2024 Exact Realty Limited. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License") with LLVM
+ * exceptions; you may not use this file except in compliance with the
+ * License. You may obtain a copy of the License at
+ *
+ * http://llvm.org/foundation/relicensing/LICENSE.txt
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+const blobToBuffer_ = (blob: Blob) => {
+	if (typeof blob.arrayBuffer === 'function') {
+		// More modern API, it also works on iOS Safari in lockdown mode
+		return blob.arrayBuffer();
+	} else if (typeof FileReader === 'function') {
+		// Older and more widely-supported API
+		return new Promise<ArrayBuffer>((resolve, reject) => {
+			const fileReader = new FileReader();
+			fileReader.onerror = () => {
+				reject(fileReader.error);
+			};
+			fileReader.onload = () => {
+				resolve(fileReader.result as ArrayBuffer);
+			};
+			fileReader.readAsArrayBuffer(blob);
+		});
+	} else {
+		throw new Error('Unable to read file contents');
+	}
+};
+
+export default blobToBuffer_;
diff --git a/src/lib/generateHtml.ts b/src/lib/generateHtml.ts
index 9fa1f7a..bc69663 100644
--- a/src/lib/generateHtml.ts
+++ b/src/lib/generateHtml.ts
@@ -70,7 +70,7 @@ export const tbsPayload_ = async (
 		// `frame-ancestors` isn't supported as http-equiv and it causes issues
 		// with WebKit.
 		// `form-action data:` is so that form action=modal works
-		` content="default-src 'none'; script-src 'self' 'unsafe-eval' blob: data:; script-src-elem blob: data: '${fallbackMessage.sri}' '${loader.sri}' '${mainScriptTextSriDigest}'; script-src-attr 'none'; style-src data: '${cssTextSriDigest}'; child-src blob:; connect-src blob: data:; frame-src blob:; worker-src blob:; form-action data:"` +
+		` content="default-src 'none'; script-src 'self' 'unsafe-eval' blob: data:; script-src-elem blob: data: '${fallbackMessage.sri}' '${loader.sri}' '${mainScriptTextSriDigest}'; script-src-attr 'none'; style-src data: '${cssTextSriDigest}'; child-src blob:; connect-src blob: data:; frame-src blob:; worker-src blob:; form-action about:"` +
 		'/>' +
 		`<title>HTML CMS Tool</title>` +
 		`<script src="data:text/javascript;base64,${encodeURIComponent(fallbackMessage.contentBase64)}" integrity="${xmlEscapeAttr(fallbackMessage.sri)}" crossorigin="anonymous">` +
diff --git a/src/pages/decrypt.svelte b/src/pages/decrypt.svelte
index 6d167cf..66631f3 100644
--- a/src/pages/decrypt.svelte
+++ b/src/pages/decrypt.svelte
@@ -359,7 +359,7 @@
 				on:submit|preventDefault={handleFormSubmit}
 				on:reset={handleFormReset}
 				aria-busy={working ? 'true' : 'false'}
-				action="#"
+				action="about:blank"
 				method="POST"
 				rel={blob instanceof Blob ? '' : 'next'}
 			>
diff --git a/src/pages/encrypt.svelte b/src/pages/encrypt.svelte
index 483c37c..f23b873 100644
--- a/src/pages/encrypt.svelte
+++ b/src/pages/encrypt.svelte
@@ -26,6 +26,7 @@
 	import ErrorModal from '~/components/ErrorModal.svelte';
 	import Loading from '~/components/Loading.svelte';
 	import EFormFields from '~/lib/EFormFields.js';
+	import blobToBuffer from '~/lib/blobToBuffer.js';
 	import downloadArchive from '~/lib/downloadArchive.js';
 	import {
 		ENCRYPT_DROPZONE_ELEMENT_ID_,
@@ -276,16 +277,7 @@
 				? parseInt(_userIterationCount[1])
 				: defaultIterationCount;
 
-			const buffer = await new Promise<ArrayBuffer>((resolve, reject) => {
-				const fileReader = new FileReader();
-				fileReader.onerror = () => {
-					reject(fileReader.error);
-				};
-				fileReader.onload = () => {
-					resolve(fileReader.result as ArrayBuffer);
-				};
-				fileReader.readAsArrayBuffer(_file);
-			});
+			const buffer = await blobToBuffer(_file);
 
 			if (
 				typeof cmsSandbox !== 'function' ||
diff --git a/src/utils/server.ts b/src/utils/server.ts
index bcfe753..487abf1 100644
--- a/src/utils/server.ts
+++ b/src/utils/server.ts
@@ -34,7 +34,7 @@ const server = http.createServer((req, res) => {
 			['content-type', 'text/html; charset=UTF-8'],
 			[
 				'content-security-policy',
-				"default-src 'none'; script-src 'self' 'unsafe-eval' blob: data:; script-src-elem blob: data:; script-src-attr 'none'; style-src data:; child-src blob:; connect-src blob: data:; frame-src blob:; worker-src blob:; frame-ancestors 'self'; form-action 'self' data:",
+				"default-src 'none'; script-src 'self' 'unsafe-eval' blob: data:; script-src-elem blob: data:; script-src-attr 'none'; style-src data:; child-src blob:; connect-src blob: data:; frame-src blob:; worker-src blob:; frame-ancestors 'self'; form-action 'self' about:",
 			],
 			[
 				'permissions-policy',