From 2425cbb44be23a6dcbecd41b8706fa6b3aac4d9f Mon Sep 17 00:00:00 2001 From: Jaifroid Date: Sun, 21 Apr 2024 13:56:24 +0100 Subject: [PATCH] Add information on security of ZIM files --- www/index.html | 33 ++++++++++++++++++++++----------- www/js/app.js | 2 +- 2 files changed, 23 insertions(+), 12 deletions(-) diff --git a/www/index.html b/www/index.html index ea5643bf..f285a056 100644 --- a/www/index.html +++ b/www/index.html @@ -286,6 +286,7 @@

+

Security of your ZIM archives and your browser

+

+ Most ZIM archives nowadays contain active content (scripts). Although we sandbox content in the ZIM as much as possible and use a strict Content Security Policy, + we have to interact with the loaded content, and so we cannot fully lock it down. When the app is running in its default mode (in modern browsers), it is possible + that a deliberately malicious ZIM from an untrusted source could break out of the sandbox and do nasty things like redirecting your browser to third-party or + phishing sites. To mitigate against this, the app asks you to indicate that you trust the source of a ZIM when you first open it, and offers to open the ZIM in + Restricted mode first, so you can check the validity of the content. Restricted mode prevents most dynamic content from running. When you + next open a trusted file, the app will automatically switch back to ServiceWorker mode. If you make a mistake, and accidentally trust a malicious ZIM, then you + should reset the app using the button in Configuration (and, of course, delete the ZIM). +

File handling and File System access

This app reads very large files stored on your device. All versions of the app can pick a file from any user-accessible location, and on desktop browsers, you can drag-and-drop any ZIM archive into the app. Some versions of the app can also be granted access to a folder or directory in which you may store several ZIM archives. If this option is available, you will see a "Select folder" button (after clicking "Select storage"). In almost all cases, except for installed - Electron apps or if you are using the Origin Private File System (see below), you will be asked to grant permission to access previously picked files or - folders every time the app launches (usually this is just one or two clicks). This is a security feature of your browser and operating system. + Electron apps, recent Chromium desktop browsers, or if you are using the Origin Private File System (see below), you will be asked to grant permission to access + previously picked files or folders every time the app launches (usually this is just one or two clicks). This is a security feature of your browser and operating system.

- Chromium desktop browsers support the File Handling API when you install the PWA. - This allows you to associate ZIM files with the app, so that when you double-click a ZIM file in your system's file explorer, it will open in the app. The first time - you do this, you will be asked for permission to handle ZIM archives, and the browser will remember your choice. You can change your choice in the browser settings. - Each time you launch a ZIM, it will open in a separate instance of the app, allowing you to browse multiple ZIMs at the same time. Note that multiple instances are not - currently supported in the Electron/UWP apps. + Chromium desktop browsers support Persistent Permissions + and the File Handling API when you install the PWA. Persistent Permissions are + available in Chrome, Edge, and other Chromium browsers as of version 122: the secon or third time you open a file or folder, you will be asked if you wish to grant + persistent permission. The File Handling API allows you to associate ZIM files with the app, so that when you double-click a ZIM file in your system's file explorer, + it will open in the app. The first time you do this, you will be asked for permission to handle ZIM archives, and the browser will remember your choice. You can + change your choice in the browser settings. Each time you launch a ZIM, it will open in a separate instance of the app, allowing you to browse multiple ZIMs at the + same time. Note that multiple instances are not currently supported in the Electron/UWP apps.

Origin Private File System

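Review bot: Typo in the added Persistent Permissions sentence: "the secon or third time you open a file or folder" should read "the second or third time". In the new Security paragraph, the only documented way to withdraw trust after accidentally accepting a malicious ZIM is to reset the whole app; if the trust decision is stored per archive, say how to revoke it for just that file, and spell out what "most dynamic content" leaves running in Restricted mode so readers know what that mode does not block.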
@@ -648,10 +661,8 @@ supported in this mode. It can feel initially a little slower while commonly used assets are being cached, but it soon equals Restricted mode in speed, at least in modern browsers. However, older browsers such as IE11 do not support this mode, and the app must be running in a secure context (https:, localhost, or certain browser - extensions). Although we sandbox content in the ZIM as much as possible, it is possible that a deliberately malicious - ZIM from an untrusted source could break out of the sandbox and do nasty things like redirecting your browser to - third-party or phishing sites. To mitigate against this, we suggest you open ZIMs from untrusted sources in - Restricted mode first, to assure yourself of the validity of their content. + extensions). Please be sure only to open ZIMs from sources you trust in this mode: see Security + for more information.

  • Restricted mode: This mode prevents attached scripts from running in the iframe, so it is useful for checking diff --git a/www/js/app.js b/www/js/app.js index ff6217cf..f86108a7 100644 --- a/www/js/app.js +++ b/www/js/app.js @@ -4093,7 +4093,7 @@ function setLocalArchiveFromFileList (files, fromArchiveList) { * */ function verifyLoadedArchive (archive) { - return uiUtil.systemAlert('

    Is this ZIM archive from a trusted source?

    ' + + return uiUtil.systemAlert('

    Is this ZIM archive from a trusted source?

    ' + 'Name: ' + archive.file.name + '
    ' + 'Creator: ' + archive.creator + '
    ' + 'Publisher: ' + archive.publisher + '
    ' +
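Review bot: In the -648,10 +661,8 hunk the replacement "Please be sure only to open ZIMs from sources you trust in this mode: see Security for more information" drops the concrete advice the removed lines gave at the point where the user is choosing a mode (open untrusted ZIMs in Restricted mode first). Keep one sentence here naming Restricted mode as the safer choice for unknown archives, so the guidance survives for readers who do not follow the link.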
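Review bot: The + lines of verifyLoadedArchive concatenate archive.file.name, archive.creator and archive.publisher directly into the markup string passed to uiUtil.systemAlert. These values come from the very archive the dialog is asking the user to trust, so if systemAlert renders its argument as HTML (the concatenated markup suggests it does), a crafted Creator or Publisher field can inject content into the trust prompt itself. Escape the three values before building the string, for example `'Creator: ' + escapeHtml(archive.creator)` with a small HTML-escaping helper (escapeHtml is a placeholder name here), or insert them via textContent. Also, the - and + lines of the opening string are otherwise identical, and the commit message ("Add information on security of ZIM files") does not say what changed in app.js; a short note on what was altered in this hunk would help reviewers.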