Kiosk mode [unsafe].

"Kiosk mode" is a "read-only" Zulip suitable for embedding into an iframe on another site. I say "read-only" in quotation marks, because the account is still a fully-fledged active account on the server, and we just tear out a bunch of stuff in Javascript (that a malicious user could easily re-enable). So in that sense, it's not actually safe in security-sensitive environments -- malicious users logged in via kiosk mode can do anything the kiosk-mode user can do. (We need this functionality for the customer3 realm specifically; we'll possibly just tear this code back out once that experiment has run its course.) (imported from commit deb035b4c702fcdb0e660ed549fe74c682abb6d9)
2025-11-11 01:16:19 +00:00 · 2013-08-11 14:14:59 -04:00
parent dbcbeb17d4
commit 0dcaf9ca3d
5 changed files with 66 additions and 1 deletions
--- a/static/js/kiosk.js
+++ b/static/js/kiosk.js
@@ -0,0 +1,60 @@
+var kiosk = (function () {
+
+var exports = {};
+
+exports.enable = function () {
+    exports.kiosk_mode_enabled = true;
+
+    // Make layout look correct
+    $("body").css('padding', 5);
+    $(".container-fluid").css('padding', 0);
+    $(".message_area_padder").css('padding', 0);
+    $(".tab-content").removeClass("span8");
+
+    // Firefox seems to require this, otherwise it draws a scrollbar.
+    $("#home").css('overflow', 'hidden');
+
+    $(".hidden-phone").hide();
+    $(".navbar").hide();
+    $("#navbar-spacer").hide();
+
+    $("#compose").hide();
+    $("#bottom_whitespace").hide();
+    $("#tab_bar").parent().hide();
+
+    $("#floating_recipient_bar").css('top', 0);
+    $(".message_area_padder").css('margin', 0);
+    ui.resize_page_components();
+
+    // Disable message sending, narrowing, actions popover
+    compose.start = function () { return; };
+    narrow.activate = function () { return; };
+    popovers.show_actions_popover = function () { return; };
+    // Disable hotkeys? Seems like this is not necessary after the
+    // above, and keeping them around lets us scroll nicely.
+
+    // TODO: Is it going to prompt for notifications?
+    // My guess is that it probably won't if we disable notifications
+    // for the iframe user, but who knows.
+};
+
+exports.update_new_messages = function () {
+    if (exports.kiosk_mode_enabled !== true) {
+        return;
+    }
+    // Format messages properly & scroll to last message
+    $(".message_controls").hide();
+    $(".message_time").css('right', -65);
+    navigate.to_end();
+};
+
+exports.kiosk_mode_enabled = false;
+$(function () {
+    if (feature_flags.kiosk_mode) {
+        exports.enable();
+    }
+});
+
+return exports;
+
+}());