Support #120 » livehealth-login.js
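/*
	identifier: livehealth-login
	long name: Login for LiveHealth Online
	description: allow logging in to LiveHealth Online
	URL pattern: https://startlivehealthonline.com/loginConsumer.htm
*/

// NOTE(review): this check only reveals the document when it is the top-level
// window; it presumably relies on the page's own stylesheet hiding the document
// by default (confirm against the site's CSS). Script-side frame busting is a
// fallback: the robust anti-clickjacking control is a server-sent
// X-Frame-Options or CSP frame-ancestors header, which a page script cannot add.
// The `==` below is kept exactly as copied; both operands are window objects,
// so it behaves the same as `===` here.

// code copied from official script, makes the page visible
/* BEGIN COPIED CODE */
// Frame busting code, as recommended by "Busting Frame Busting: A Study of
// Clickjacking Vulnerabilities on Popular Sites", by Rydstedt, Bursztein,
// Boneh, and Jackson, May 25, 2010

if (self == top) {
	document.documentElement.style.visibility = "visible";
}
/* END COPIED CODE */
else {
	// Framed: leave the document in whatever state the page gave it and tell the user.
	console.log("Hey! You're not supposed to visit this page inside an iframe!");
	alert("Hey! You're not supposed to visit this page inside an iframe!");
}

// Add csrf token input (You need to get this value from cookies ("CSRF_TOKEN-cookie.startlivehealthonline.com"), not sure how to do it automatically.)
// TODO: get it automatically
//   NOTE(review): document.cookie only exposes this cookie if it is not marked
//   HttpOnly. When filling the field from script, assign to the input's .value
//   instead of interpolating the token into the markup below.
// TODO: match the ordering of the values in the request to what happens with the proprietary scripts
const csrfInput = document.createElement("div");
csrfInput.className = "has-float-label";
// Static markup with no interpolated data, so innerHTML is safe here.
// The label's `for` has to reference the input's id ("csrf"), not its name,
// otherwise the label is not associated with the field.
csrfInput.innerHTML = `<input class="float_input botton-border-only" autocomplete="off" id="csrf" type="text" name="csrfToken" placeholder="CSRF Token" title="CSRF Token">
<label for="csrf">CSRF Token</label>`;

// Guard against the page layout changing: without the container there is
// nowhere to put the field, so report it instead of throwing a TypeError.
const loginInputSection = document.getElementById("loginInputSection");
if (loginInputSection === null) {
	console.error("livehealth-login: #loginInputSection not found; CSRF token field was not added.");
} else {
	loginInputSection.appendChild(csrfInput);
}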