From 333f893d847dbcf453b781064f0e79a757ab2ad0 Mon Sep 17 00:00:00 2001
From: Tim Stallard <code@timstallard.me.uk>
Date: Tue, 14 Mar 2017 09:46:54 +0000
Subject: [PATCH] Added confirmation code for custom blocks

---
 src/diagram/import.js | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/src/diagram/import.js b/src/diagram/import.js
index f1331f5..ac63b3c 100644
--- a/src/diagram/import.js
+++ b/src/diagram/import.js
@@ -3,10 +3,23 @@ var events = require("../events.js");
 var $ = require("jquery");
 
 module.exports = function(newDiagram){
-  Object.assign(diagram, JSON.parse(newDiagram));
-  $("#workspace>*").remove();
-  for(var block of diagram.state){
-    require("../pageInteraction/addBlockToPage.js")(block);
+  var newDiagramObject = JSON.parse(newDiagram);
+  var customCode = false;
+  if(newDiagramObject.state.filter((block)=>(block.type == "custom")).length){customCode = true}; //check blocks for custom
+  for(var snapshot of newDiagramObject.snapshots){
+    if(snapshot.state.filter((block)=>(block.type == "custom")).length){customCode = true}; //check blocks in snapshots for custom
+  }
+  var accepted = true;
+  if(customCode){ //check with user if JS present
+    accepted = confirm("This document contains Javascript. You should only allow this document to be opened if you trust the source.");
+  }
+  if(accepted){
+    if(newDiagramObject.state.filter((block)=>(block.type == "custom")).length) customCode = true;
+    Object.assign(diagram, newDiagramObject);
+    $("#workspace>*").remove();
+    for(var block of diagram.state){
+      require("../pageInteraction/addBlockToPage.js")(block);
+    }
+    events.emit("diagramImport");
   }
-  events.emit("diagramImport");
 }