diff --git a/code/boot.js b/code/boot.js
index 2c2aab50..22838c92 100644
--- a/code/boot.js
+++ b/code/boot.js
@@ -562,15 +562,47 @@ function boot() {
$('#sidebar').show();
- if(window.bootPlugins)
- $.each(window.bootPlugins, function(ind, ref) {
- try {
- ref();
- } catch(err) {
- console.error("error starting plugin: index "+ind+", error: "+err);
+ if(window.bootPlugins) {
+ // check to see if a known 'bad' plugin is installed. If so, alert the user, and don't boot any plugins
+ var badPlugins = {
+ 'arc': 'Contains hidden code to report private data to a 3rd party server: details here',
+ };
+
+ // remove entries from badPlugins which are not installed
+ $.each(badPlugins, function(name,desc) {
+ if (!(window.plugin && window.plugin[name])) {
+ // not detected: delete from the list
+ delete badPlugins[name];
}
});
+ // if any entries remain in the list, report this to the user and don't boot ANY plugins
+ // (why not any? it's tricky to know which of the plugin boot entries were safe/unsafe)
+ if (Object.keys(badPlugins).length > 0) {
+ var warning = 'One or more known unsafe plugins were detected. For your safety, IITC has disabled all plugins.';
+ $.each(badPlugins,function(name,desc) {
+ warning += '- '+name+': '+desc+'
';
+ });
+ warning += '
Please uninstall the problem plugins and reload the page. See this FAQ entry for help.
Note: It is tricky for IITC to safely disable just problem plugins
';
+
+ dialog({
+ title: 'Plugin Warning',
+ html: warning,
+ width: 400
+ });
+ } else {
+ // no known unsafe plugins detected - boot all plugins
+ $.each(window.bootPlugins, function(ind, ref) {
+ try {
+ ref();
+ } catch(err) {
+ console.error("error starting plugin: index "+ind+", error: "+err);
+ debugger;
+ }
+ });
+ }
+ }
+
window.setMapBaseLayer();
window.setupLayerChooserApi();