openethereum · 5chdn · Feb 16, 2018 · Feb 16, 2018 · Feb 16, 2018 · Feb 16, 2018
diff --git a/dapps/src/apps/mod.rs b/dapps/src/apps/mod.rs
@@ -44,7 +44,7 @@ pub const WEB_PATH: &'static str = "web";
 pub const URL_REFERER: &'static str = "__referer=";
 
 pub fn utils(pool: CpuPool) -> Box<Endpoint> {
-	Box::new(page::builtin::Dapp::new(pool, parity_ui::App::default()))
+	Box::new(page::builtin::Dapp::new(pool, false, parity_ui::App::default()))
 }
 
 pub fn ui(pool: CpuPool) -> Box<Endpoint> {
@@ -76,20 +76,26 @@ pub fn all_endpoints<F: Fetch>(
 	}
 
 	// NOTE [ToDr] Dapps will be currently embeded on 8180
-	insert::<parity_ui::App>(&mut pages, "ui", Embeddable::Yes(embeddable.clone()), pool.clone());
+	insert::<parity_ui::App>(&mut pages, "ui", Embeddable::Yes(embeddable.clone()), pool.clone(), true);
 	// old version
-	insert::<parity_ui::old::App>(&mut pages, "v1", Embeddable::Yes(embeddable.clone()), pool.clone());
+	insert::<parity_ui::old::App>(&mut pages, "v1", Embeddable::Yes(embeddable.clone()), pool.clone(), true);
 
 	pages.insert("proxy".into(), ProxyPac::boxed(embeddable.clone(), dapps_domain.to_owned()));
 	pages.insert(WEB_PATH.into(), Web::boxed(embeddable.clone(), web_proxy_tokens.clone(), fetch.clone()));
 
 	(local_endpoints, pages)
 }
 
-fn insert<T : WebApp + Default + 'static>(pages: &mut Endpoints, id: &str, embed_at: Embeddable, pool: CpuPool) {
+fn insert<T : WebApp + Default + 'static>(
+	pages: &mut Endpoints,
+	id: &str,
+	embed_at: Embeddable,
+	pool: CpuPool,
+	allow_js_eval: bool,
+) {
 	pages.insert(id.to_owned(), Box::new(match embed_at {
-		Embeddable::Yes(address) => page::builtin::Dapp::new_safe_to_embed(pool, T::default(), address),
-		Embeddable::No => page::builtin::Dapp::new(pool, T::default()),
+		Embeddable::Yes(address) => page::builtin::Dapp::new_safe_to_embed(pool, allow_js_eval, T::default(), address),
+		Embeddable::No => page::builtin::Dapp::new(pool, allow_js_eval, T::default()),
 	}));
 }
 

diff --git a/dapps/src/page/builtin.rs b/dapps/src/page/builtin.rs
@@ -38,13 +38,14 @@ pub struct Dapp<T: WebApp + 'static> {
 
 impl<T: WebApp + 'static> Dapp<T> {
 	/// Creates new `Dapp` for builtin (compile time) Dapp.
-	pub fn new(pool: CpuPool, app: T) -> Self {
-		let info = app.info();
+	pub fn new(pool: CpuPool, allow_js_eval: bool, app: T) -> Self {
+		let mut info = EndpointInfo::from(app.info());
+		info.allow_js_eval = Some(allow_js_eval);
 		Dapp {
 			pool,
 			app,
 			safe_to_embed_on: None,
-			info: EndpointInfo::from(info),
+			info,
 			fallback_to_index_html: false,
 		}
 	}
@@ -65,13 +66,14 @@ impl<T: WebApp + 'static> Dapp<T> {
 	/// Creates new `Dapp` which can be safely used in iframe
 	/// even from different origin. It might be dangerous (clickjacking).
 	/// Use wisely!
-	pub fn new_safe_to_embed(pool: CpuPool, app: T, address: Embeddable) -> Self {
-		let info = app.info();
+	pub fn new_safe_to_embed(pool: CpuPool, allow_js_eval: bool, app: T, address: Embeddable) -> Self {
+		let mut info = EndpointInfo::from(app.info());
+		info.allow_js_eval = Some(allow_js_eval);
 		Dapp {
 			pool,
 			app,
 			safe_to_embed_on: address,
-			info: EndpointInfo::from(info),
+			info,
 			fallback_to_index_html: false,
 		}
 	}

diff --git a/js-old/src/manifest.json b/js-old/src/manifest.json
@@ -4,4 +4,5 @@
   "author": "Parity <[email protected]>",
   "description": "Parity Wallet and Account management tools",
   "iconUrl": "icon.png",
+  "allowJsEval": true
 }