From 76288d9d8e190c5841f1ad3de1ec93aa76156d26 Mon Sep 17 00:00:00 2001
From: garywill <garywill@disroot.org>
Date: Sat, 23 Oct 2021 10:03:56 +0800
Subject: [PATCH] dynamic permissions. won't ask for sensitive permissions if
 not needed

---
 src/README.md            |  4 +++-
 src/README_zh.md         |  4 +++-
 src/addon-popup.html     |  6 ++++++
 src/i_scripts.js         | 46 +++++++++++++++++++++++++++++++---------
 src/manifest-chrome.json |  6 ++++--
 src/manifest.json        |  6 ++++--
 6 files changed, 56 insertions(+), 16 deletions(-)
 mode change 100755 => 100644 src/README.md
 mode change 100755 => 100644 src/manifest-chrome.json
 mode change 100755 => 100644 src/manifest.json

diff --git a/src/README.md b/src/README.md
old mode 100755
new mode 100644
index 930ebd6..e9732e0
--- a/src/README.md
+++ b/src/README.md
@@ -56,7 +56,7 @@ Solve all needs between browsers and search engines. Easily make best use of dif
 - 🔎 Able to collect any (and have collected many) different searching or inquery websites and operate them on one page (any website that supports general GET/POST request)
   > E.g: Google, DuckDuckGo, Amazon, eBay, Dictionary, Github, StackOverflow, IEEE, or the holding of the library near your home (easy to customize). Included 40+
 - 🔎 User adding custom-defined search engine (even syncronizable between devices via browser account in browser extension)
-- 🔎 Support using browser-installed search engines (browser extension. So you can directly use those engines you've added into browser)
+- 🔎 Support using browser-installed search engines (browser extension. So you can directly use those engines you've added into browser. Currently only Firefox provides)
 - 🛡️ Pure client-side tool. No server transfer. No database server
 - 📁 Search engines catagory
 - 📋 Save, reuse and manage your input history (only saved locally in the browser)
@@ -65,6 +65,8 @@ Solve all needs between browsers and search engines. Easily make best use of dif
   > - Not in Firefox incognito mode. 
   > - On Chrome, after clicking context menu item, click the icon on toolbar
 - 🛡️ Hide HTTP Referrer by default to protect user privacy
+- 🛡️ Maximum safety. No injection to web
+- 🛡️ Minimun default permissions. Won't ask for sensitive permissions until needed
 
 ## Since the browser itself has search engines which can be used on URL bar, why use this?
 
diff --git a/src/README_zh.md b/src/README_zh.md
index cc995e9..696b234 100755
--- a/src/README_zh.md
+++ b/src/README_zh.md
@@ -58,7 +58,7 @@
 - 🔎 可将任意（已将许多）搜索、查询的网站集于一处操作（任意支持普通GET/POST的网站）
   > 例如 百度、Google、淘宝、有道、Github、StackOverflow、IEEE、你家附近某图书馆（易于自定义）藏书查询 等。已收录50+个
 - 🔎 用户添加自定义搜索引擎（若在浏览器扩展中，可与同浏览器账号同步）
-- 🔎 可调用浏览器内联的搜索引擎（浏览器扩展。因此你已添加进浏览器的搜索引擎可以直接用）
+- 🔎 可调用浏览器内联的搜索引擎（浏览器扩展。因此你已添加进浏览器的搜索引擎可以直接用。目前仅Firefox提供）
 - 🛡️ 纯客户端工具，无中转，无数据库服务器
 - 📁 分类卡片
 - 📋 可保存、复用和管理你的输入历史（仅保存在浏览器本地）
@@ -67,6 +67,8 @@
   > - Firefox无痕模式中无。
   > - Chrome中点了右键菜单后，需再点击工具栏中的图标
 - 🛡️ 默认隐藏HTTP Referrer以保护用户隐私
+- 🛡️ 最大的安全性，不向网页注入任何代码
+- 🛡️ 默认最小权限，仅在需要时请求敏感权限
 
 ## 既然浏览器本身可添加搜索引擎在URL栏调用，为什么用这个？
 
diff --git a/src/addon-popup.html b/src/addon-popup.html
index 949bd9f..990bd38 100755
--- a/src/addon-popup.html
+++ b/src/addon-popup.html
@@ -140,6 +140,12 @@ <h3 id="index_subtitle" >
                                     </div>
                                 
                                 </div>
+                                
+                                <div id="div_search_permi" style="display:none; " >
+                                    <button id="btn_search_permi">
+                                        <span class='lang lang-zh'>读取浏览器内的搜索引擎</span><span class='lang lang-en'>Read browser-installed search engines</span>                                    </button>
+                                </div>
+                                
                                 <div id="engines_cont"> </div>
                             </div>
     
diff --git a/src/i_scripts.js b/src/i_scripts.js
index ca07c68..8cec73a 100755
--- a/src/i_scripts.js
+++ b/src/i_scripts.js
@@ -134,9 +134,18 @@ onrd.push(function(){
 });
 
 onrd.push(function(){
-	document.getElementById("inputpaste").onclick=async function()
+	document.getElementById("inputpaste").onclick=function()
 	{
-		const clipboard = await navigator.clipboard.readText();
+        if (window.run_env != "http_web") {
+            chrome.permissions.request({
+                permissions: ["clipboardRead"]
+            });
+        }
+        
+		onPasteClick();
+	}
+	async function onPasteClick() {
+        const clipboard = await navigator.clipboard.readText();
         
         const inputbox = document.getElementById("inputbox");
         //document.getElementById("inputbox").value = c ;
@@ -155,7 +164,7 @@ onrd.push(function(){
         
         inputbox.setRangeText(clipboard, start, end, "end");
         inputbox.focus();
-	}
+    }
 });
 
 onrd.push(function(){
@@ -338,7 +347,12 @@ onrd.push(function(){
         document.getElementById("textarea_json").value = document.getElementById("textarea_json_saved").value
     });
 });
-
+onrd.push(function() {
+    document.getElementById("btn_search_permi").onclick = async function() {
+        await browser.permissions.request({ permissions: ["search"] });
+        document.getElementsByClassName("cata_btn_highlight")[0].click();
+    };
+});
 onrd.push(function(){
     if (document.getElementById("tosimp"))
     {
@@ -424,11 +438,7 @@ async function make_cata_btns() {
     document.getElementById("catas_cont").appendChild(createCataBtn("user", "user"));
     
     if (window.run_env != "http_web") {
-        try {
-            got_browser_engines = ( await browser.search.get() );
-        }catch(err) {}
-        
-        if (got_browser_engines.length > 0 )
+        if (isFirefox )
             document.getElementById("catas_cont").appendChild(createCataBtn("browser", "browser"));
     }
     
@@ -677,6 +687,20 @@ async function cata_onclick(btnobj)
         document.getElementById("div_custom_json").style.display="none";
     }
     
+    
+    if (btnobj.getAttribute("source")=="browser")
+    {
+        document.getElementById("div_search_permi").style.display = "none";
+        if ( ! await browser.permissions.contains( { permissions: ["search"] } ) )
+            document.getElementById("div_search_permi").style.display = "";
+            
+        try {
+            await fetch_browser_engines();
+        }catch(err) { }
+    }else{
+        document.getElementById("div_search_permi").style.display = "none";
+    }
+    
     engines_cont.appendChild( createETableByCata( btnobj.getAttribute('name'), btnobj.getAttribute('source'), 'engines_table'));
     
 
@@ -688,7 +712,9 @@ async function cata_onclick(btnobj)
     
     //table_cont_style();
 }
-
+async function fetch_browser_engines() {
+    got_browser_engines = ( await browser.search.get() );
+}
 
 function toggle_btm_dialog()
 {
diff --git a/src/manifest-chrome.json b/src/manifest-chrome.json
old mode 100755
new mode 100644
index 168259a..5423396
--- a/src/manifest-chrome.json
+++ b/src/manifest-chrome.json
@@ -10,8 +10,10 @@
     },
     "permissions": [
         "storage",
-        "contextMenus",
-        "clipboardRead"
+        "contextMenus"
+    ],
+    "optional_permissions": [
+        "clipboardRead",
     ],
     "incognito": "split",
     "icons": {
diff --git a/src/manifest.json b/src/manifest.json
old mode 100755
new mode 100644
index f4d5065..289fa13
--- a/src/manifest.json
+++ b/src/manifest.json
@@ -10,9 +10,11 @@
     },
     "permissions": [
         "storage",
-        "contextMenus",
+        "contextMenus"
+    ],
+    "optional_permissions": [
         "search",
-        "clipboardRead"
+        "clipboardRead",
     ],
     "icons": {
         "128": "icon.svg"