From fcb93fb20d733bb22df4458703ee6f1b1cbff79a Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Mon, 29 Mar 2021 18:35:48 +0200 Subject: [PATCH 01/17] Fix addthis --- tarteaucitron.services.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index d03060e..ff4156f 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -258,13 +258,13 @@ tarteaucitron.services.addthis = { window._atr = null; window._atw = null; } - tarteaucitron.fallback(['addthis_sharing_toolbox'], ''); + tarteaucitron.fallback(['addthis_inline_share_toolbox'], ''); tarteaucitron.addScript('//s7.addthis.com/js/300/addthis_widget.js#pubid=' + tarteaucitron.user.addthisPubId); }, "fallback": function () { "use strict"; var id = 'addthis'; - tarteaucitron.fallback(['addthis_sharing_toolbox'], tarteaucitron.engage(id)); + tarteaucitron.fallback(['addthis_inline_share_toolbox'], tarteaucitron.engage(id)); } }; From 3a1e0fc011daa4a1c0b6d9d38726745d0c1cd0f9 Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Tue, 30 Mar 2021 09:32:51 +0200 Subject: [PATCH 02/17] Create codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 67 +++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100644 .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 0000000..f23ecd7 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,67 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: [ master ] + pull_request: + # The branches below must be a subset of the branches above + branches: [ master ] + schedule: + - cron: '23 21 * * 2' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + language: [ 'javascript' ] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] + # Learn more: + # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v1 + + # ℹī¸ Command-line programs to run using the OS shell. + # 📚 https://git.io/JvXDl + + # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 From 4cf0ff2c7c1598b91de682b1b0e99e78d957ab5f Mon Sep 17 00:00:00 2001 From: Nicolas Rosset Date: Wed, 31 Mar 2021 18:05:41 +0200 Subject: [PATCH 03/17] fix "fixed" undefined and "i" undefined --- tarteaucitron.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tarteaucitron.js b/tarteaucitron.js index 8ab85aa..4f7b13d 100644 --- a/tarteaucitron.js +++ b/tarteaucitron.js @@ -1655,8 +1655,7 @@ var tarteaucitron = { } }, "fixSelfXSS": function(html) { - fixed = html.toString().replace(/&/g, "&").replace(//g, ">").replace(/"/g, """).replace(/'/g, "'"); - return fixed; + return html.toString().replace(/&/g, "&").replace(//g, ">").replace(/"/g, """).replace(/'/g, "'"); }, "getLanguage": function () { "use strict"; @@ -1936,6 +1935,7 @@ var tarteaucitron = { }, "triggerJobsAfterAjaxCall": function() { tarteaucitron.job.forEach(function(e) { tarteaucitron.job.push(e) }); + var i; var allowBtns = document.getElementsByClassName("tarteaucitronAllow"); for (i = 0; i < allowBtns.length; i++) { tarteaucitron.addClickEventToElement(allowBtns[i], function () { From ed703ee8c4db457117b5a69719ca3c028a05b59a Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Thu, 1 Apr 2021 12:10:49 +0200 Subject: [PATCH 04/17] Some CSS fix --- css/tarteaucitron.css | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/css/tarteaucitron.css b/css/tarteaucitron.css index a14c42b..730fb8c 100644 --- a/css/tarteaucitron.css +++ b/css/tarteaucitron.css @@ -24,6 +24,10 @@ span.tarteaucitronH3 { /** BETTER MOBILE MODE **/ @media screen and (max-width: 767px) { + + html body #tarteaucitronRoot #tarteaucitron ul#tarteaucitronServices_mandatory .tarteaucitronDeny { + display: none!important; + } html body #tarteaucitronRoot #tarteaucitron .tarteaucitronBorder button, html body #tarteaucitronRoot #tarteaucitron .tarteaucitronAsk, @@ -33,6 +37,8 @@ span.tarteaucitronH3 { margin-left: 0!important; margin-right: 0!important; box-sizing: border-box!important; + max-width: 100%!important; + margin-bottom: 8px!important; } html body #tarteaucitronRoot #tarteaucitron .tarteaucitronBorder ul .tarteaucitronLine { From 205fdb3cc6beebbc40671a8b43459632441a9e23 Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Tue, 6 Apr 2021 14:13:31 +0200 Subject: [PATCH 05/17] Another fix for IE11 --- tarteaucitron.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tarteaucitron.js b/tarteaucitron.js index 4f7b13d..35228e4 100644 --- a/tarteaucitron.js +++ b/tarteaucitron.js @@ -608,7 +608,7 @@ var tarteaucitron = { tac_group_style.innerHTML = '.tarteaucitronTitle{display:none}'; document.head.appendChild(tac_group_style); var cats = document.querySelectorAll('[id^="tarteaucitronServicesTitle_"]') - cats.forEach(function(item) { + Array.prototype.forEach.call(cats, function(item) { var cat = item.getAttribute('id').replace(/^(tarteaucitronServicesTitle_)/, ""); if (cat !== "mandatory") { var html = ''; @@ -633,7 +633,7 @@ var tarteaucitron = { document.querySelector('#tarteaucitronServices_' + cat).style.display = 'none'; tarteaucitron.addClickEventToId("tarteaucitron-toggle-group-" + cat, function () { tarteaucitron.userInterface.toggle('tarteaucitronServices_' + cat); - if (document.getElementById('tarteaucitronServices_' + cat).style.display == 'block') { + if (document.getElementById('tarteaucitronServices_' + cat).style.display == 'block') { tarteaucitron.userInterface.addClass('tarteaucitronServicesTitle_' + cat, 'tarteaucitronIsExpanded'); } else { tarteaucitron.userInterface.removeClass('tarteaucitronServicesTitle_' + cat, 'tarteaucitronIsExpanded'); @@ -1081,7 +1081,7 @@ var tarteaucitron = { // groups var cats = document.querySelectorAll('[id^="tarteaucitronServicesTitle_"]') - cats.forEach(function(item) { + Array.prototype.forEach.call(cats, function(item) { var cat = item.getAttribute('id').replace(/^(tarteaucitronServicesTitle_)/, ""), total = document.getElementById("tarteaucitronServices_"+cat).childElementCount; var doc = document.getElementById("tarteaucitronServices_"+cat), From bfd8f1f8b963f0c859ed40234c09ab61c75d239a Mon Sep 17 00:00:00 2001 From: Harmen Christophe Date: Wed, 7 Apr 2021 08:46:41 +0200 Subject: [PATCH 06/17] =?UTF-8?q?Gestion=20des=20titles=20personnalis?= =?UTF-8?q?=C3=A9s=20sur=20les=20services=20de=20type=20iframe=20(#650)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- tarteaucitron.services.js | 129 ++++++++++++++++++++++---------------- 1 file changed, 76 insertions(+), 53 deletions(-) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index ff4156f..b603ad5 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -12,11 +12,12 @@ tarteaucitron.services.iframe = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_iframe'], function (x) { - var width = x.getAttribute("width"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title")), + width = x.getAttribute("width"), height = x.getAttribute("height"), url = x.getAttribute("data-url"); - return ''; + return ''; }); }, "fallback": function () { @@ -73,11 +74,12 @@ tarteaucitron.services.helloasso = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_helloasso'], function (x) { - var width = x.getAttribute("width"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'HelloAsso iframe'), + width = x.getAttribute("width"), height = x.getAttribute("height"), url = x.getAttribute("data-url"); - return ''; + return ''; }); }, "fallback": function () { @@ -102,11 +104,12 @@ tarteaucitron.services.podcloud = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_podcloud'], function (x) { - var width = x.getAttribute("width"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'podCloud iframe'), + width = x.getAttribute("width"), height = x.getAttribute("height"), url = x.getAttribute("data-url"); - return ''; + return ''; }); }, "fallback": function () { @@ -131,12 +134,13 @@ tarteaucitron.services.facebookpost = { "js": function () { "use strict"; tarteaucitron.fallback(['tac_facebookpost'], function (x) { - var width = x.getAttribute("width"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Facebook iframe'), + width = x.getAttribute("width"), height = x.getAttribute("height"), url = x.getAttribute("data-url"), appId = x.getAttribute("data-appid"); - return ''; + return ''; }); }, "fallback": function () { @@ -538,10 +542,11 @@ tarteaucitron.services.amazon = { "js": function () { "use strict"; tarteaucitron.fallback(['amazon_product'], function (x) { - var amazonId = x.getAttribute("amazonid"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Amazon iframe'), + amazonId = x.getAttribute("amazonid"), productId = x.getAttribute("productid"), url = '//ws-eu.amazon-adsystem.com/widgets/q?ServiceVersion=20070822&OneJS=1&Operation=GetAdHtml&MarketPlace=' + tarteaucitron.getLanguage().toUpperCase() + '&source=ss&ref=ss_til&ad_type=product_link&tracking_id=' + amazonId + '&marketplace=amazon®ion=' + tarteaucitron.getLanguage().toUpperCase() + '&placement=' + productId + '&asins=' + productId + '&show_border=true&link_opens_in_new_window=true', - iframe = ''; + iframe = ''; return iframe; }); @@ -564,12 +569,13 @@ tarteaucitron.services.calameo = { "js": function () { "use strict"; tarteaucitron.fallback(['calameo-canvas'], function (x) { - var id = x.getAttribute("data-id"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Calameo iframe'), + id = x.getAttribute("data-id"), width = x.getAttribute("width"), height = x.getAttribute("height"), url = '//v.calameo.com/?bkcode=' + id; - return ''; + return ''; }); }, "fallback": function () { @@ -768,7 +774,8 @@ tarteaucitron.services.artetv = { "js": function () { "use strict"; tarteaucitron.fallback(['artetv_player'], function (x) { - var video_json = x.getAttribute("json"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Arte.tv iframe'), + video_json = x.getAttribute("json"), video_width = x.getAttribute("width"), video_height = x.getAttribute("height"), video_frame; @@ -777,7 +784,7 @@ tarteaucitron.services.artetv = { return ""; } - video_frame = ''; + video_frame = ''; return video_frame; }); }, @@ -803,7 +810,8 @@ tarteaucitron.services.dailymotion = { "js": function () { "use strict"; tarteaucitron.fallback(['dailymotion_player'], function (x) { - var video_id = x.getAttribute("videoID"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Dailymotion iframe'), + video_id = x.getAttribute("videoID"), video_width = x.getAttribute("width"), frame_width = 'width=', video_height = x.getAttribute("height"), @@ -828,7 +836,7 @@ tarteaucitron.services.dailymotion = { if (embed_type === undefined || !['video', 'playlist'].includes(embed_type) ) { embed_type = "video"; } - video_frame = ''; + video_frame = ''; return video_frame; }); }, @@ -854,7 +862,8 @@ tarteaucitron.services.datingaffiliation = { "js": function () { "use strict"; tarteaucitron.fallback(['datingaffiliation-canvas'], function (x) { - var comfrom = x.getAttribute("data-comfrom"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Dating Affiliation iframe'), + comfrom = x.getAttribute("data-comfrom"), r = x.getAttribute("data-r"), p = x.getAttribute("data-p"), cf0 = x.getAttribute("data-cf0"), @@ -866,7 +875,7 @@ tarteaucitron.services.datingaffiliation = { height = x.getAttribute("height"), url = 'http://www.tools-affil2.com/rotaban/ban.php?' + comfrom; - return ''; + return ''; }); }, "fallback": function () { @@ -944,7 +953,8 @@ tarteaucitron.services.deezer = { "js": function () { "use strict"; tarteaucitron.fallback(['deezer_player'], function (x) { - var deezer_id = x.getAttribute("deezerID"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Deezer iframe'), + deezer_id = x.getAttribute("deezerID"), deezer_width = x.getAttribute("width"), frame_width = 'width=', deezer_height = x.getAttribute("height"), @@ -982,7 +992,7 @@ tarteaucitron.services.deezer = { tracklist = "true"; } params = 'tracklist=' + tracklist + '&radius=' + radius; - deezer_frame = ''; + deezer_frame = ''; return deezer_frame; }); }, @@ -1235,7 +1245,7 @@ tarteaucitron.services.stonly = { window.StonlyWidget || ((window.w = window.StonlyWidget = function() { window.w._api ? window.w._api.apply(window.w, arguments) : window.w.queue.push(arguments) }).queue = []); - + tarteaucitron.addScript('https://stonly.com/js/widget/v2/stonly-widget.js?v=' + Date.now()); } }; @@ -1653,13 +1663,14 @@ tarteaucitron.services.googlemapssearch = { "js": function () { "use strict"; tarteaucitron.fallback(['googlemapssearch'], function (x) { - var width = x.getAttribute("width"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Google search iframe'), + width = x.getAttribute("width"), height = x.getAttribute("height"), // url = x.getAttribute("data-url"); query = escape(x.getAttribute("data-search")), key = x.getAttribute("data-api-key"); - return ' ' + return ' ' }); }, "fallback": function () { @@ -1684,11 +1695,12 @@ tarteaucitron.services.googlemapsembed = { "js": function () { "use strict"; tarteaucitron.fallback(['googlemapsembed'], function (x) { - var width = tarteaucitron.getElemWidth(x), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Google maps iframe'), + width = tarteaucitron.getElemWidth(x), height = tarteaucitron.getElemHeight(x), url = x.getAttribute("data-url"); - return ''; + return ''; }); }, "fallback": function () { @@ -1798,7 +1810,8 @@ tarteaucitron.services.instagram = { "js": function () { "use strict"; tarteaucitron.fallback(['instagram_post'], function (x) { - var post_id = x.getAttribute("postId"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Instagram iframe'), + post_id = x.getAttribute("postId"), embed_width = x.getAttribute("width"), frame_width = 'width=', embed_height = x.getAttribute("height"), @@ -1818,7 +1831,7 @@ tarteaucitron.services.instagram = { } else { frame_height += '"" '; } - post_frame = ''; + post_frame = ''; return post_frame; }); }, @@ -1885,7 +1898,7 @@ tarteaucitron.services.recaptcha = { } else { tarteaucitron.addScript('https://www.google.com/recaptcha/api.js?onload=tacRecaptchaOnLoad&render=' + tarteaucitron.user.recaptchaapi); } - + }, "fallback": function () { "use strict"; @@ -2059,12 +2072,13 @@ tarteaucitron.services.prezi = { "js": function () { "use strict"; tarteaucitron.fallback(['prezi-canvas'], function (x) { - var id = x.getAttribute("data-id"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Prezi iframe'), + id = x.getAttribute("data-id"), width = x.getAttribute("width"), height = x.getAttribute("height"), url = 'https://prezi.com/embed/' + id + '/?bgcolor=ffffff&lock_to_path=0&autoplay=0&autohide_ctrls=0'; - return ''; + return ''; }); }, "fallback": function () { @@ -2283,12 +2297,13 @@ tarteaucitron.services.slideshare = { "js": function () { "use strict"; tarteaucitron.fallback(['slideshare-canvas'], function (x) { - var id = x.getAttribute("data-id"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Slideshare iframe'), + id = x.getAttribute("data-id"), width = x.getAttribute("width"), height = x.getAttribute("height"), url = '//www.slideshare.net/slideshow/embed_code/' + id; - return ''; + return ''; }); }, "fallback": function () { @@ -2312,7 +2327,8 @@ tarteaucitron.services.soundcloud = { js: function () { "use strict"; tarteaucitron.fallback(['soundcloud_player'], function (x) { - var player_height = x.getAttribute('data-height'), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Soundcloud iframe'), + player_height = x.getAttribute('data-height'), frame_height = 'height="' + player_height + '" ', playable_id = x.getAttribute('data-playable-id'), playable_type = x.getAttribute('data-playable-type'), @@ -2344,7 +2360,7 @@ tarteaucitron.services.soundcloud = { if (visual && visual.length > 0) qs += '&visual=' + visual; if (artwork && artwork.length > 0) qs += '&show_artwork=' + artwork; - return ''; + return ''; }); }, fallback: function () { @@ -2367,7 +2383,8 @@ tarteaucitron.services.spotify = { "js": function () { "use strict"; tarteaucitron.fallback(['spotify_player'], function (x) { - var spotify_id = x.getAttribute("spotifyID"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Spotify iframe'), + spotify_id = x.getAttribute("spotifyID"), spotify_width = x.getAttribute("width"), frame_width = 'width=', spotify_height = x.getAttribute("height"), @@ -2387,7 +2404,7 @@ tarteaucitron.services.spotify = { } else { frame_height += '"" '; } - spotify_frame = ''; + spotify_frame = ''; return spotify_frame; }); }, @@ -2444,7 +2461,8 @@ tarteaucitron.services.timelinejs = { "js": function () { "use strict"; tarteaucitron.fallback(['timelinejs-canvas'], function (x) { - var spreadsheet_id = x.getAttribute("spreadsheet_id"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Twitter iframe'), + spreadsheet_id = x.getAttribute("spreadsheet_id"), width = x.getAttribute("width"), height = x.getAttribute("height"), lang = x.getAttribute("lang_2_letter"), @@ -2456,7 +2474,7 @@ tarteaucitron.services.timelinejs = { start_zoom = x.getAttribute("start_zoom"), url = '//cdn.knightlab.com/libs/timeline/latest/embed/index.html?source=' + spreadsheet_id + '&font=' + font + '&maptype=' + map + '&lang=' + lang + '&start_at_end=' + start_at_end + '&hash_bookmark=' + hash_bookmark + '&start_at_slide=' + start_at_slide + '&start_zoom_adjust=' + start_zoom + '&height=' + height; - return ''; + return ''; }); }, "fallback": function () { @@ -2677,7 +2695,8 @@ tarteaucitron.services.vimeo = { "js": function () { "use strict"; tarteaucitron.fallback(['vimeo_player'], function (x) { - var video_width = x.getAttribute("data-width") || x.getAttribute("width"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("data-title") || x.getAttribute("title") || 'Vimeo iframe'), + video_width = x.getAttribute("data-width") || x.getAttribute("width"), frame_width = 'width=', video_height = x.getAttribute("data-height") || x.getAttribute("height"), frame_height = 'height=', @@ -2824,7 +2843,7 @@ tarteaucitron.services.vimeo = { video_qs = ""; } - video_frame = ''; + video_frame = ''; return video_frame; }); @@ -3039,7 +3058,7 @@ tarteaucitron.services.atinternetoptin = { "js": function () { "use strict"; tarteaucitron.launch['atinternetoptout'] = false; - + setTimeout(function() { tarteaucitron.userInterface.respond(document.getElementById('atinternetAllowed'), true); tarteaucitron.userInterface.respond(document.getElementById('atinternetoptoutDenied'), false); @@ -3126,7 +3145,8 @@ tarteaucitron.services.youtube = { "js": function () { "use strict"; tarteaucitron.fallback(['youtube_player'], function (x) { - var video_id = x.getAttribute("videoID"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Youtube iframe'), + video_id = x.getAttribute("videoID"), video_width = x.getAttribute("width"), frame_width = 'width=', video_height = x.getAttribute("height"), @@ -3147,7 +3167,7 @@ tarteaucitron.services.youtube = { } else { frame_height += '"" '; } - video_frame = ''; + video_frame = ''; return video_frame; }); }, @@ -3173,7 +3193,8 @@ tarteaucitron.services.youtubeplaylist = { "js": function () { "use strict"; tarteaucitron.fallback(['youtube_playlist_player'], function (x) { - var playlist_id = x.getAttribute("playlistID"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Youtube iframe'), + playlist_id = x.getAttribute("playlistID"), video_width = x.getAttribute("width"), frame_width = 'width=', video_height = x.getAttribute("height"), @@ -3194,7 +3215,7 @@ tarteaucitron.services.youtubeplaylist = { } else { frame_height += '"" '; } - video_frame = ''; + video_frame = ''; return video_frame; }); }, @@ -3256,7 +3277,7 @@ tarteaucitron.services.linkedininsighttag = { window._linkedin_data_partner_ids = window._linkedin_data_partner_ids || []; window._linkedin_data_partner_ids.push(tarteaucitron.user.linkedininsighttag); } - + tarteaucitron.addScript('https://snap.licdn.com/li.lms-analytics/insight.min.js'); } }; @@ -3323,7 +3344,8 @@ tarteaucitron.services.issuu = { "js": function () { "use strict"; tarteaucitron.fallback(['issuu_player'], function (x) { - var issuu_id = x.getAttribute("issuuID"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Issuu iframe'), + issuu_id = x.getAttribute("issuuID"), issuu_width = x.getAttribute("width"), frame_width = 'width=', issuu_height = x.getAttribute("height"), @@ -3349,7 +3371,7 @@ tarteaucitron.services.issuu = { if (issuu_id.match(/\d+\/\d+/)) { issuu_embed = '#' + issuu_id; } else if (issuu_id.match(/d=(.*)&u=(.*)/)) { issuu_embed = '?' + issuu_id; } - issuu_frame = ''; + issuu_frame = ''; return issuu_frame; }); @@ -3529,8 +3551,8 @@ tarteaucitron.services.matomo = { }, 100) } }; - - + + tarteaucitron.services.matomohightrack = { "key": "matomohightrack", "type": "analytic", @@ -3649,7 +3671,8 @@ tarteaucitron.services.matterport = { "js": function () { "use strict"; tarteaucitron.fallback(['matterport'], function (x) { - var matterport_id = x.getAttribute("matterportID"), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Matterport iframe'), + matterport_id = x.getAttribute("matterportID"), matterport_width = x.getAttribute("width"), frame_width = 'width=', matterport_height = x.getAttribute("height"), @@ -3674,7 +3697,7 @@ tarteaucitron.services.matterport = { return ""; } - matterport_frame = ''; + matterport_frame = ''; return matterport_frame; }); }, @@ -3851,7 +3874,7 @@ tarteaucitron.services.userlike = { tarteaucitron.addScript('//userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/' + tarteaucitron.user.userlikeKey); } }; - + // adobeanalytics tarteaucitron.services.adobeanalytics = { "key": "adobeanalytics", From c295754a50615904512cd4463199daa06a944538 Mon Sep 17 00:00:00 2001 From: Christian Welzel Date: Fri, 26 Jun 2020 11:45:46 +0200 Subject: [PATCH 07/17] add 'anonymize_ip' to gtag.js service. --- tarteaucitron.services.js | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index ff4156f..cec76cd 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -1582,7 +1582,7 @@ tarteaucitron.services.gtag = { tarteaucitron.addScript('https://www.googletagmanager.com/gtag/js?id=' + tarteaucitron.user.gtagUa, '', function () { window.gtag = function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); - gtag('config', tarteaucitron.user.gtagUa); + gtag('config', tarteaucitron.user.gtagUa, { 'anonymize_ip': true }); if (typeof tarteaucitron.user.gtagMore === 'function') { tarteaucitron.user.gtagMore(); @@ -3529,8 +3529,8 @@ tarteaucitron.services.matomo = { }, 100) } }; - - + + tarteaucitron.services.matomohightrack = { "key": "matomohightrack", "type": "analytic", @@ -3851,7 +3851,7 @@ tarteaucitron.services.userlike = { tarteaucitron.addScript('//userlike-cdn-widgets.s3-eu-west-1.amazonaws.com/' + tarteaucitron.user.userlikeKey); } }; - + // adobeanalytics tarteaucitron.services.adobeanalytics = { "key": "adobeanalytics", From 36c3ee0e4fb7a8d29a537280addb72a4e0e35796 Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Sun, 11 Apr 2021 10:47:03 +0200 Subject: [PATCH 08/17] Add Pardot --- tarteaucitron.services.js | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index ae3a7cc..40b2829 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -31,6 +31,28 @@ tarteaucitron.services.iframe = { } }; +// pardot +tarteaucitron.services.pardot = { + "key": "pardot", + "type": "analytic", + "name": "Pardot", + "uri": "https://www.salesforce.com/company/privacy/full_privacy/", + "needConsent": true, + "cookies": ['visitor_id'], + "js": function () { + "use strict"; + if (tarteaucitron.user.piAId === undefined || tarteaucitron.user.piCId === undefined) { + return; + } + + window.piAId = tarteaucitron.user.piAId; + window.piCId = tarteaucitron.user.piCId; + window.piHostname = 'pi.pardot.com'; + + tarteaucitron.addScript('https://pi.pardot.com/pd.js'); + } +}; + // xandr tarteaucitron.services.xandr = { "key": "xandr", From f4450c5a739379a2038d0197f45bb12689beb815 Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Sun, 11 Apr 2021 10:59:04 +0200 Subject: [PATCH 09/17] Add class on read more links and separator --- tarteaucitron.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tarteaucitron.js b/tarteaucitron.js index 35228e4..9933244 100644 --- a/tarteaucitron.js +++ b/tarteaucitron.js @@ -764,11 +764,11 @@ var tarteaucitron = { if (tarteaucitron.parameters.readmoreLink !== undefined && tarteaucitron.parameters.readmoreLink !== '') { link = tarteaucitron.parameters.readmoreLink; } - html += ' '; + html += ' '; html += ' ' + tarteaucitron.lang.more; html += ' '; - html += ' - '; - html += ' '; + html += ' - '; + html += ' '; html += ' ' + tarteaucitron.lang.source; html += ' '; } From b59c8cbdccbc1b0cc99e4f8b853730ab6c9653a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Bell=C3=AAtre?= Date: Mon, 12 Apr 2021 15:27:39 +0200 Subject: [PATCH 10/17] Add Ausha service --- tarteaucitron.services.js | 40 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index 40b2829..750f7c2 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -3937,3 +3937,43 @@ tarteaucitron.services.woopra = { woopra.track(); } }; + +// ausha +tarteaucitron.services.ausha = { + key: "ausha", + type: "video", + name: "Ausha", + needConsent: true, + cookies: [], + js: function () { + "use strict"; + tarteaucitron.fallback(['ausha_player'], function (x) { + var player_height = x.getAttribute('data-height'), + podcast_id = x.getAttribute('data-podcast-id'), + player_id = x.getAttribute('data-player-id'), + playlist = x.getAttribute('data-playlist'), + color = x.getAttribute('data-color'); + + if (podcast_id === undefined) { + return ""; + } + + var src = 'https://player.ausha.co/index.html?podcastId=' + podcast_id + '&v=3'; + + if (playlist && playlist.length > 0) src += '&playlist=' + playlist; + if (color && color.length > 0) src += '&color=' + color.replace('#', '%23'); + if (player_id && player_id.length > 0) src += '&playerId=' + player_id; + + return ''; + }); + + tarteaucitron.addScript('//player.ausha.co/ausha-player.js', 'ausha-player'); + }, + fallback: function () { + "use strict"; + tarteaucitron.fallback(['ausha_player'], function (elem) { + elem.style.height = elem.getAttribute('data-height') + 'px'; + return tarteaucitron.engage('ausha'); + }); + } +}; From 1a6113c857b7b11c258b09a002cfbf1a8c6f05f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Bell=C3=AAtre?= Date: Mon, 12 Apr 2021 17:16:44 +0200 Subject: [PATCH 11/17] Update Instagram integration --- tarteaucitron.services.js | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index 40b2829..2042d60 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -1832,28 +1832,37 @@ tarteaucitron.services.instagram = { "js": function () { "use strict"; tarteaucitron.fallback(['instagram_post'], function (x) { - var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Instagram iframe'), - post_id = x.getAttribute("postId"), - embed_width = x.getAttribute("width"), - frame_width = 'width=', - embed_height = x.getAttribute("height"), - frame_height = 'height=', + var post_id = x.getAttribute('postId'), + post_permalink = x.getAttribute('data-instgrm-permalink'), + embed_width = x.getAttribute('width'), + embed_height = x.getAttribute('height'), + frame_width, + frame_height, post_frame; + if (post_permalink != null) { + tarteaucitron.addScript('//www.instagram.com/embed.js', 'instagram-embed'); + + return ''; + } + if (post_id === undefined) { return ""; } + if (embed_width !== undefined) { - frame_width += '"' + embed_width + '" '; + frame_width = 'width="' + embed_width + '" '; } else { - frame_width += '"" '; + frame_width = '"" '; } if (embed_height !== undefined) { - frame_height += '"' + embed_height + '" '; + frame_height = 'height="' + embed_height + '" '; } else { - frame_height += '"" '; + frame_height = '"" '; } - post_frame = ''; + + post_frame = ''; + return post_frame; }); }, From 797fa033571ed9536e2774d3a8636116df3f2cb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Bell=C3=AAtre?= Date: Mon, 12 Apr 2021 17:18:41 +0200 Subject: [PATCH 12/17] Revert iframe title --- tarteaucitron.services.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index 2042d60..3c50a3e 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -1832,7 +1832,7 @@ tarteaucitron.services.instagram = { "js": function () { "use strict"; tarteaucitron.fallback(['instagram_post'], function (x) { - var post_id = x.getAttribute('postId'), + var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Instagram iframe'), post_permalink = x.getAttribute('data-instgrm-permalink'), embed_width = x.getAttribute('width'), embed_height = x.getAttribute('height'), @@ -1861,7 +1861,7 @@ tarteaucitron.services.instagram = { frame_height = '"" '; } - post_frame = ''; + post_frame = ''; return post_frame; }); From 279523f18d03c69323874115c31ca5970150b0f0 Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Tue, 13 Apr 2021 13:52:49 +0200 Subject: [PATCH 13/17] Add focus on the alert for keyboard navigation --- tarteaucitron.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tarteaucitron.js b/tarteaucitron.js index 9933244..4e1369a 100644 --- a/tarteaucitron.js +++ b/tarteaucitron.js @@ -1234,6 +1234,10 @@ var tarteaucitron = { } //end ie compatibility + if (document.getElementById('tarteaucitronPersonalize2') !== null) { + document.getElementById('tarteaucitronPersonalize2').focus(); + } + window.dispatchEvent(tacOpenAlertEvent); }, "closeAlert": function () { From b5fe35877f7cbdc49265ed7f8c932ef7184f9de5 Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Tue, 13 Apr 2021 14:30:56 +0200 Subject: [PATCH 14/17] Update getquanty with rgpd friendly fallback --- tarteaucitron.services.js | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index 40b2829..c1b1813 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -3815,11 +3815,15 @@ tarteaucitron.services.getquanty = { return; } - window.webleads_site_ids = window.webleads_site_ids || []; - window.webleads_site_ids.push(tarteaucitron.user.getguanty); + tarteaucitron.addScript('https://get.smart-data-systems.com/gq?site_id=' + tarteaucitron.user.getguanty + '&consent=1'); + }, + "fallback": function () { + "use strict"; + if (tarteaucitron.user.getguanty === undefined) { + return; + } - tarteaucitron.addScript('https://stats.webleads-tracker.com/js'); - tarteaucitron.addScript('https://get.smart-data-systems.com/track?site_id=' + tarteaucitron.user.getguanty); + tarteaucitron.addScript('https://get.smart-data-systems.com/gq?site_id=' + tarteaucitron.user.getguanty + '¬rack=1'); } }; From 1c6251a70673997346bf1b89bbfcd6d54672a666 Mon Sep 17 00:00:00 2001 From: Amauri CHAMPEAUX Date: Tue, 13 Apr 2021 15:17:22 +0200 Subject: [PATCH 15/17] Update atinternet service --- tarteaucitron.services.js | 105 +++++++------------------------------- 1 file changed, 19 insertions(+), 86 deletions(-) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index c1b1813..7204589 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -3017,8 +3017,8 @@ tarteaucitron.services.atinternet = { "type": "analytic", "name": "AT Internet (privacy by design)", "uri": "https://helpcentre.atinternet-solutions.com/hc/fr/categories/360002439300-Privacy-Centre", - "needConsent": false, - "safeanalytic": true, + "needConsent": true, + "safeanalytic": false, "cookies": ['atidvisitor', 'atreman', 'atredir', 'atsession', 'atuserid'], "js": function () { "use strict"; @@ -3035,99 +3035,32 @@ tarteaucitron.services.atinternet = { } if (typeof window.tag.privacy !== 'undefined') { - - document.getElementById('atinternetLine').style.display = 'none'; - - if (tarteaucitron.cookie.read().indexOf('atinternetoptin=true') === -1 && tarteaucitron.cookie.read().indexOf('atinternetoptout=true') === -1) { - window.tag.privacy.setVisitorMode('cnil', 'exempt'); - } - - tarteaucitron.addClickEventToElement(document.getElementById('atinternetDenied'), function () { - tarteaucitron.launch['atinternetoptout'] = false; - tarteaucitron.launch['atinternetoptin'] = false; - tarteaucitron.userInterface.respond(document.getElementById('atinternetoptinDenied'), false); - tarteaucitron.userInterface.respond(document.getElementById('atinternetoptoutDenied'), false); - }); - - tarteaucitron.addClickEventToElement(document.getElementById('atinternetoptoutDenied'), function () { - if (tarteaucitron.cookie.read().indexOf('atinternetoptin=true') === -1 && tarteaucitron.cookie.read().indexOf('atinternetoptout=true') === -1) { - window.tag.privacy.setVisitorMode('cnil', 'exempt'); - } - }); - - tarteaucitron.addClickEventToElement(document.getElementById('atinternetoptinDenied'), function () { - if (tarteaucitron.cookie.read().indexOf('atinternetoptin=true') === -1 && tarteaucitron.cookie.read().indexOf('atinternetoptout=true') === -1) { - window.tag.privacy.setVisitorMode('cnil', 'exempt'); - } - }); + window.tag.privacy.setVisitorOptin(); } - setTimeout(function() { - tag.page.send(); - }, 70); + window.tag.page.send(); }); - } -}; - -// AT Internet (optin) -tarteaucitron.services.atinternetoptin = { - "key": "atinternetoptin", - "type": "analytic", - "name": "AT Internet", - "uri": "https://helpcentre.atinternet-solutions.com/hc/fr/categories/360002439300-Privacy-Centre", - "needConsent": true, - "cookies": ['atidvisitor', 'atreman', 'atredir', 'atsession', 'atuserid'], - "js": function () { + }, + "fallback": function () { "use strict"; - tarteaucitron.launch['atinternetoptout'] = false; - - setTimeout(function() { - tarteaucitron.userInterface.respond(document.getElementById('atinternetAllowed'), true); - tarteaucitron.userInterface.respond(document.getElementById('atinternetoptoutDenied'), false); - }, 50); - - setTimeout(function() { - if (typeof window.tag.privacy !== 'undefined') { - window.tag.privacy.setVisitorOptin(); - } - }, 60); - - window.tarteaucitronHackNoSwitch = true; - setTimeout(function() {window.tarteaucitronHackNoSwitch = false;}, 200); - } -}; - -// AT Internet (optout) -tarteaucitron.services.atinternetoptout = { - "key": "atinternetoptout", - "type": "analytic", - "name": "AT Internet [minimal]", - "uri": "https://helpcentre.atinternet-solutions.com/hc/fr/categories/360002439300-Privacy-Centre", - "needConsent": true, - "cookies": ['atidvisitor', 'atreman', 'atredir', 'atsession', 'atuserid'], - "js": function () { - "use strict"; - - // hack accept all - if (window.tarteaucitronHackNoSwitch) { - setTimeout(function() { - tarteaucitron.userInterface.respond(document.getElementById('atinternetoptoutDenied'), false); - }, 60); + if (tarteaucitron.user.atLibUrl === undefined) { return; } - tarteaucitron.launch['atinternetoptin'] = false; + tarteaucitron.addScript(tarteaucitron.user.atLibUrl, '', function() { - setTimeout(function() { - tarteaucitron.userInterface.respond(document.getElementById('atinternetAllowed'), true); - tarteaucitron.userInterface.respond(document.getElementById('atinternetoptinDenied'), false); - }, 50); + window.tag = new ATInternet.Tracker.Tag(); - setTimeout(function() { - if (typeof window.tag.privacy !== 'undefined') { - window.tag.privacy.setVisitorOptout(); + if (typeof tarteaucitron.user.atMore === 'function') { + tarteaucitron.user.atMore(); } - }, 60); + + if (typeof window.tag.privacy !== 'undefined') { + window.tag.privacy.setVisitorMode('cnil', 'exempt'); + } + + window.tag.page.send(); + }); } }; @@ -3580,7 +3513,7 @@ tarteaucitron.services.matomohightrack = { "type": "analytic", "name": "Matomo", "uri": "https://matomo.org/faq/general/faq_146/", - "needConsent": true, + "needConsent": false, "cookies": ['_pk_ref', '_pk_cvar', '_pk_id', '_pk_ses', '_pk_hsr', 'piwik_ignore', '_pk_uid'], "js": function () { "use strict"; From 9c53c49ea82d91fc69b4f23066448f1bafbe6780 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Bell=C3=AAtre?= Date: Tue, 13 Apr 2021 16:44:21 +0200 Subject: [PATCH 16/17] Add Ausha privacy policy URI --- tarteaucitron.services.js | 1 + 1 file changed, 1 insertion(+) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index 750f7c2..300c953 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -3943,6 +3943,7 @@ tarteaucitron.services.ausha = { key: "ausha", type: "video", name: "Ausha", + uri: "https://www.ausha.co/protection-personal-data/", needConsent: true, cookies: [], js: function () { From 2a6756ebaae286ab7ea58d7b1062e5fc20e61e35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Bell=C3=AAtre?= Date: Tue, 13 Apr 2021 18:43:49 +0200 Subject: [PATCH 17/17] Revert Instagram postId attribute --- tarteaucitron.services.js | 1 + 1 file changed, 1 insertion(+) diff --git a/tarteaucitron.services.js b/tarteaucitron.services.js index 3c50a3e..7a8bd30 100644 --- a/tarteaucitron.services.js +++ b/tarteaucitron.services.js @@ -1833,6 +1833,7 @@ tarteaucitron.services.instagram = { "use strict"; tarteaucitron.fallback(['instagram_post'], function (x) { var frame_title = tarteaucitron.fixSelfXSS(x.getAttribute("title") || 'Instagram iframe'), + post_id = x.getAttribute('postId'), post_permalink = x.getAttribute('data-instgrm-permalink'), embed_width = x.getAttribute('width'), embed_height = x.getAttribute('height'),