From 82a00f4d1e94f9839ae6b2a470305ffe5650b534 Mon Sep 17 00:00:00 2001
From: Cutls <web-pro@cutls.com>
Date: Tue, 16 Apr 2019 01:29:44 +0900
Subject: [PATCH] security

---
 app/about.html                    | 17 ++++++++++++-----
 app/js/login/manager.js           | 22 ++++++++++++++++++++++
 app/js/userdata/showOnTL.js       |  3 +--
 app/package.json                  |  2 +-
 app/view/make/setting.sample.html |  2 +-
 5 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/app/about.html b/app/about.html
index 63f25012..ca455003 100644
--- a/app/about.html
+++ b/app/about.html
@@ -76,7 +76,7 @@ a,button{
 <img src="./img/desk.png" style="max-width:70%;">
 <h5>TheDesk</h5>
 <div class='container'>
-    <div class='area-name1'>External version</div>
+    <div class='area-name1'>Display version</div>
     <div class='area-data1' id="now"></div>
     <div class='area-name2'>Internal version</div>
     <div class='area-data2' id="ver"></div>
@@ -87,13 +87,17 @@ a,button{
     <div class='area-name5'>Node.js</div>
     <div class='area-data5' id="node"></div>
   </div>
-  <div class="cp">Copyright &copy; TheDesk 2018 All rights reserved.<br><a href="https://thedesk.top" target="_blank">Web site</a></div>
+  <div class="cp">Copyright &copy; <a href="https://kirishima.cloud/@Cutls" target="_blank">Cutls P</a> 2018 All rights reserved.<br>
+    Thanks:<a href="https://minohdon.jp/@toneji" target="_blank">toneji</a>/<a href="https://popon.pptdn.jp/@popn_ja" target="_blank">popn_ja</a>/<a href="https://pawoo.net/@kPherox" target="_blank">kPherox</a> and all users
+    <img draggable="false" style="width:0.8rem;top: 1px;margin-left: 1px;position: relative;" alt="❤️" title=":heart:" src="https://twemoji.maxcdn.com/2/72x72/2764.png">
+<br><a href="https://thedesk.top" target="_blank">Web site</a></div>
 <button onclick="window.close()" class="btn waves-effect indigo" style="width:calc(100% - 10px);"><i class="material-icons left">close</i>Close</button>
 <script type="text/javascript" src="./js/ui/theme.js"></script>
 <script>
     $("#now").text(localStorage.getItem("ver"));
     var electron = require("electron");
     var remote=electron.remote;
+    const shell=electron.shell;
     //JSON.parse(fs.readFileSync(info_path, 'utf8'));
     console.log(process.versions);
     $("#node").text(process.version);
@@ -104,6 +108,9 @@ a,button{
         var ver=m[1];
         $("#ver").text(ver);
     }
-    
-</script>
-<script type="text/javascript" src="./js/platform/end.js"></script>
\ No newline at end of file
+$(document).on('click', 'a', e => {
+    var url =  $(e.target).attr('href');
+    shell.openExternal(url);
+    return false;
+});
+</script>
\ No newline at end of file
diff --git a/app/js/login/manager.js b/app/js/login/manager.js
index 884b50eb..efaf09b2 100644
--- a/app/js/login/manager.js
+++ b/app/js/login/manager.js
@@ -364,6 +364,28 @@ function misskeyLogin(url) {
 				"reaction-write",
 				"vote-read",
 				"vote-write"
+				/*
+				"read:account",
+				"write:account",
+				"read:drive",
+				"write:drive",
+				"read:blocks",
+				"write:blocks",
+				"read:favorites",
+				"write:favorites",
+				"read:following",
+				"write:following",
+				"read:messaging",
+				"write:messaging",
+				"read:mutes",
+				"write:mutes",
+				"write:notes",
+				"read:notifications",
+				"write:notifications",
+				"read:reactions",
+				"write:reactions",
+				"write:votes"
+				*/
 			]
 	}));
     httpreq.onreadystatechange = function() {
diff --git a/app/js/userdata/showOnTL.js b/app/js/userdata/showOnTL.js
index b201b38b..8c72c2e3 100644
--- a/app/js/userdata/showOnTL.js
+++ b/app/js/userdata/showOnTL.js
@@ -157,8 +157,7 @@ function udg(user, acct_id) {
 							var when="";
 							var color="inherit"
 						}
-						fval=twemoji.parse(fval);
-						note=note+'<tr><td class="his-field-title">'+fname+'</td><td class="his-field-content" title="'+when+'" style="background-color:'+color+'">'+fval+'</td></tr>';
+						note=note+'<tr><td class="his-field-title">'+twemoji.parse(escapeHTML(fname))+'</td><td class="his-field-content" title="'+when+'" style="background-color:'+color+'">'+twemoji.parse(fval)+'</td></tr>';
 					}
 					note=note+'</table>'
 					$("#his-des").html(twemoji.parse(note));
diff --git a/app/package.json b/app/package.json
index 55cbaef9..202de6eb 100644
--- a/app/package.json
+++ b/app/package.json
@@ -35,7 +35,7 @@
     },
     {
       "name": "kPherox",
-      "url": "https://www.kr-kp.com/",
+      "url": "https://pawoo.net/@kPherox",
       "email": "admin@mail.kr-kp.com"
     }
   ],
diff --git a/app/view/make/setting.sample.html b/app/view/make/setting.sample.html
index bf804391..7039f7ab 100644
--- a/app/view/make/setting.sample.html
+++ b/app/view/make/setting.sample.html
@@ -425,7 +425,7 @@
 	<a onclick="localStorage.removeItem('new-ver-skip'); location.href='index.html';"
 		class="pointer">@@checkup@@</a><br>
 	<a href="oss.html">OSS License@@ossJP@@</a><br>
-	<span style="font-family:Open Sans;">Copyright &copy; TheDesk 2018 All Rights Reserved.
+	<span style="font-family:Open Sans;">Copyright &copy; Cutls P 2018 All Rights Reserved.
 		Under <a href="https://github.com/cutls/TheDesk/blob/master/LICENSE">GNU General Public License v3.0</a> and <a
 			href="https://thedesk.top/tos.html">Terms of Use</a>/<a href="https://thedesk.top/priv.html">Privacy
 			Policy</a>