Support #120 » livehealth-login.js
/*
identifier: livehealth-login
long name: Login for LiveHealth Online
description: allow logging in to LiveHealth Online
URL pattern: https://startlivehealthonline.com/loginConsumer.htm
*/

// Clickjacking guard: reveal the document only when it is the top-level
// browsing context. The check below is copied from the site's official script.
// NOTE(review): this presumably relies on the page's own stylesheet hiding the
// document by default - confirm; nothing in this file hides it.
// Script-based frame busting is only a fallback. The authoritative defence is
// the server's Content-Security-Policy "frame-ancestors" / X-Frame-Options
// response headers, which a page script cannot set.
/* BEGIN COPIED CODE */
// Frame busting code, as recommended by "Busting Frame Busting: A Study of
// Clickjacking Vulnerabilities on Popular Sites", by Rydstedt, Bursztein,
// Boneh, and Jackson, May 25, 2010


if (self == top) {
  document.documentElement.style.visibility = "visible";
}
/* END COPIED CODE */
else {
  // Framed: the visibility is deliberately left untouched. The console entry
  // and the dialog are informational only; they are not the protection.
  const framedNotice = "Hey! You're not supposed to visit this page inside an iframe!";
  console.log(framedNotice);
  alert(framedNotice);
}
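
// Add a manual CSRF token field to the login form.
// The value has to be copied by hand from the cookie named
// "CSRF_TOKEN-cookie.startlivehealthonline.com".
// TODO: get it automatically
//   NOTE(review): script can read the cookie through document.cookie only if
//   it is not flagged HttpOnly - confirm before relying on that.
//   If the field is ever pre-filled, assign the token to the input's .value;
//   do not interpolate cookie or page data into the innerHTML template below.
// TODO: match the ordering of the values in the request to what happens with the proprietary scripts
const csrfInput = document.createElement("div");
csrfInput.className = "has-float-label";
// Static markup only. The label's "for" attribute must name the input's id
// ("csrf"), not its form name ("csrfToken"), or the label is not associated
// with the field. Class names are kept exactly as written; presumably they
// match the site's stylesheet - verify before changing them.
csrfInput.innerHTML = `<input class="float_input botton-border-only" autocomplete="off" id="csrf" type="text" name="csrfToken" placeholder="CSRF Token" title="CSRF Token">
<label for="csrf">CSRF Token</label>`;
{
  // Block scope keeps this lookup from adding another script-level binding.
  const loginSection = document.getElementById("loginInputSection");
  if (loginSection === null) {
    // Stop with a descriptive error instead of a bare TypeError on null, so a
    // changed page layout is easy to diagnose.
    throw new Error('livehealth-login: element "loginInputSection" not found; cannot add the CSRF token field');
  }
  loginSection.appendChild(csrfInput);
}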