Fixed security vulnerability, and blob queue bug

docs/CREDITS.md

@@ -24,4 +24,6 @@ The favicon "Blue Marble" is owned by NASA
 Special Thanks:
 * nof, [darkness](https://github.com/TouchedByDarkness) for creating similar userscripts!
 * [BullStein](https://github.com/BullStein), [allanf181](https://github.com/allanf181) for being early beta testers!
+* guidu_ for the "Minimize" Button code!
+* Nomad for the tutorial!
 * TheBlueCorner for getting me interested in online pixel canvases!

docs/README.md

@@ -32,10 +32,10 @@
 <h1>Blue Marble</h1>
 <a href="" target="_blank"><img alt="Latest Version" src="https://img.shields.io/badge/Latest_Version-0.66.0-lightblue?style=flat"></a>
 <a href="https://github.com/SwingTheVine/Wplace-BlueMarble/releases" target="_blank"><img alt="Latest Release" src="https://img.shields.io/github/v/release/SwingTheVine/Wplace-BlueMarble?sort=semver&style=flat&label=Latest%20Release&color=blue"></a>
-<a href="https://github.com/SwingTheVine/Wplace-BlueMarble/blob/main/LICENSE.txt" target="_blank"><img alt="Software License: MPL-2.0" src="https://img.shields.io/badge/Software_License-MPL--2.0-brightgreen?style=flat"></a>
+<a href="https://github.com/SwingTheVine/Wplace-BlueMarble/blob/main/LICENSE.txt" target="_blank"><img alt="Software License: MPL-2.0" src="https://img.shields.io/badge/Software_License-MPL--2.0-slateblue?style=flat"></a>
 <a href="https://discord.gg/tpeBPy46hf" target="_blank"><img alt="Contact Me" src="https://img.shields.io/badge/Contact_Me-gray?style=flat&logo=Discord&logoColor=white&logoSize=auto&labelColor=cornflowerblue"></a>
-<a href="" target="_blank"><img alt="WakaTime" src="https://img.shields.io/badge/Coding_Time-59hrs_0mins-blue?style=flat&logo=wakatime&logoColor=black&logoSize=auto&labelColor=white"></a>
-<a href="" target="_blank"><img alt="Total Patches" src="https://img.shields.io/badge/Total_Patches-434-black?style=flat"></a>
+<a href="" target="_blank"><img alt="WakaTime" src="https://img.shields.io/badge/Coding_Time-87hrs_0mins-blue?style=flat&logo=wakatime&logoColor=black&logoSize=auto&labelColor=white"></a>
+<a href="" target="_blank"><img alt="Total Patches" src="https://img.shields.io/badge/Total_Patches-436-black?style=flat"></a>
 <a href="" target="_blank"><img alt="Total Lines of Code" src="https://tokei.rs/b1/github/SwingTheVine/Wplace-BlueMarble?category=code"></a>
 <a href="" target="_blank"><img alt="Total Comments" src="https://tokei.rs/b1/github/SwingTheVine/Wplace-BlueMarble?category=comments"></a>
 <a href="" target="_blank"><img alt="Compression" src="https://img.shields.io/badge/Compression-73.47%25-blue"></a>
@@ -47,7 +47,8 @@
   Welcome to Blue Marble! Blue Marble is a userscript for the website <a href="https://wplace.live/" target="_blank">wplace.live</a>. If you like this userscript, please ⭐ the repository!
 
   <h3>Installation Instructions</h3>
-  <a href="" target="_blank"><img alt="Supported Browsers" src="https://img.shields.io/badge/Browsers-Chrome%20%7C%20Firefox%20%7C%20Safari%20%7C%20IE-orange?style=flat"></a>
+  <a href="" target="_blank"><img alt="Supported Browsers" src="https://img.shields.io/badge/Supported%20Browsers-Chrome%20%7C%20Some%20Firefox%20%7C%20Safari%20%7C%20Edge-orange?style=flat"></a>
+  <a href="" target="_blank"><img alt="Unupported Browsers" src="https://img.shields.io/badge/Unsupported%20Browsers-Brave%20%7C%20Some%20FireFox%20%7C%20Kiwi-red?style=flat"></a>
   <p>
     Blue Marble has been verified to work on mobile devices. Blue Marble was designed on Chrome, but Blue Marble might work on "unsupported" browsers not listed above.
     <br>

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "wplace-bluemarble",
-  "version": "0.65.80",
+  "version": "0.66.2",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "wplace-bluemarble",
-      "version": "0.65.80",
+      "version": "0.66.2",
       "devDependencies": {
         "esbuild": "^0.25.0",
         "terser": "^5.43.1"

package.json

@@ -1,6 +1,6 @@
 {
   "name": "wplace-bluemarble",
-  "version": "0.66.0",
+  "version": "0.66.2",
   "type": "module",
   "scripts": {
     "build": "node build/build.js",

src/BlueMarble.meta.js

@@ -1,7 +1,7 @@
 // ==UserScript==
 // @name         Blue Marble
 // @namespace    https://github.com/SwingTheVine/
-// @version      0.66.0
+// @version      0.66.2
 // @description  A userscript to automate and/or enhance the user experience on Wplace.live. Make sure to comply with the site's Terms of Service, and rules! This script is not affiliated with Wplace.live in any way, use at your own risk. This script is not affiliated with TamperMonkey. The author of this userscript is not responsible for any damages, issues, loss of data, or punishment that may occur as a result of using this script. This script is provided "as is" under the MPL-2.0 license. The "Blue Marble" icon is licensed under CC0 1.0 Universal (CC0 1.0) Public Domain Dedication. The image is owned by NASA.
 // @author       SwingTheVine
 // @license      MPL-2.0

src/apiManager.js

@@ -45,7 +45,7 @@ export default class ApiManager {
       // E.g. "wplace.live/api/files/s0/tiles/0/0/0.png" -> "tiles"
       const endpointText = data['endpoint']?.split('?')[0].split('/').filter(s => s && isNaN(Number(s))).filter(s => s && !s.includes('.')).pop();
 
-      console.log(`%cBlue Marble%c: Recieved message about "${endpointText}"`, 'color: cornflowerblue;', '');
+      console.log(`%cBlue Marble%c: Recieved message about "%s"`, 'color: cornflowerblue;', '', endpointText);
 
       // Each case is something that Blue Marble can use from the fetch.
       // For instance, if the fetch was for "me", we can update the overlay stats
@@ -123,18 +123,7 @@ export default class ApiManager {
           
           const blobUUID = data['blobID'];
           const blobData = data['blobData'];
-          // let templateBlob = blobData; // By default, apply no template
-
-          // Only run if all coordinates are there
-          // if (this.templateCoordsTilePixel?.length >= 4) {
-
-          //   if ((tileCoordsTile[0] == this.templateCoordsTilePixel[0]) && (tileCoordsTile[1] == this.templateCoordsTilePixel[1])) {
-
-          //     console.log(`templateState: ${this.templateManager.templateState || null}`);
-          //     templateBlob = !!this.templateManager.templateState ? await this.templateManager.drawTemplate(blobData, this.templateCoordsTilePixel) : blobData;
-              
-          //   }
-          // }
+          
           const templateBlob = await this.templateManager.drawTemplateOnTile(blobData, tileCoordsTile);
 
           window.postMessage({

src/main.js

@@ -6,7 +6,7 @@ import Overlay from './Overlay.js';
 import Observers from './observers.js';
 import ApiManager from './apiManager.js';
 import TemplateManager from './templateManager.js';
-import { consoleLog } from './utils.js';
+import { consoleLog, consoleWarn } from './utils.js';
 
 const name = GM_info.script.name.toString(); // Name of userscript
 const version = GM_info.script.version.toString(); // Version of userscript
@@ -50,7 +50,20 @@ inject(() => {
 
     // The modified blob won't have an endpoint, so we ignore any message without one.
     if ((source == 'blue-marble') && !!blobID && !!blobData && !endpoint) {
-      fetchedBlobQueue.get(blobID)(blobData);
+
+      const callback = fetchedBlobQueue.get(blobID); // Retrieves the blob based on the UUID
+
+      // If the blobID is a valid function...
+      if (typeof callback === 'function') {
+
+        callback(blobData); // ...Retrieve the blob data from the blobID function
+      } else {
+        // ...else the blobID is unexpected. We don't know what it is, but we know for sure it is not a blob. This means we ignore it.
+
+        consoleWarn(`%c${name}%c: Attempted to retrieve a blob (%s) from queue, but the blobID was not a function! Skipping...`, consoleStyle, '', blobID);
+      }
+      
+      fetchedBlobQueue.delete(blobID); // Delete the blob from the queue, because we don't need to process it again
     }
   });
 
@@ -111,9 +124,6 @@ inject(() => {
             statusText: cloned.statusText
           }));
 
-          // Removes the processed blob from the queue
-          fetchedBlobQueue.delete(blobUUID);
-
           // Since this code does not run in the userscript, we can't use consoleLog().
           console.log(`%c${name}%c: ${fetchedBlobQueue.size} Processed blob "${blobUUID}"`, consoleStyle, '');
         });