Discussion on: Easy Dark Mode for Slack

View post

Replies for: code one-liner for repeated injection: echo 'document.addEventListener("DOMContentLoaded", function() {$.ajax({url: "https://cdn.rawgit.com/laCo...

For the security conscious among us (or those on corporate networks that would kill us for including external code in a JS File in our slack), here's a version that inlines the contents of that file, and asks you for permission before updating so you can check out the "css" downloaded.

(I put "css" in quotes because there's a risk that the code could be compromised and not be CSS at all. Articles like this hackernoon.com/im-harvesting-credi... make me nervous about these types of attack vectors).

In any case:

echo "TEXT TO BE ADDED:"; echo "document.addEventListener('DOMContentLoaded', function() { const css = \`$(curl --silent https://cdn.rawgit.com/laCour/slack-night-mode/master/css/raw/black.css)\`; const overrides = 'code { background-color: #535353; color: #85c5ff; } .c-mrkdwn__pre, .c-mrkdwn__quote { background: #535353  background-color: #535353 \!important; }'; \$('<style></style>').appendTo('head').html(css + overrides); });"; echo "LOOKS OKAY??? (y = yes)"; read ANSWER; if ! [[ "$ANSWER" =~ ^([yY][eE][sS]|[yY])+$ ]]; then echo "YOU DID NOT ENTER YES. NOT UPDATING"; else; echo "EVERYTHING LOOKS GOOD. UPDATING SLACK."; echo "document.addEventListener('DOMContentLoaded', function() { const css = \`$(curl --silent https://cdn.rawgit.com/laCour/slack-night-mode/master/css/raw/black.css)\`; const overrides = 'code { background-color: #535353; color: #85c5ff; } .c-mrkdwn__pre, .c-mrkdwn__quote { background: #535353  background-color: #535353 \!important; }'; \$('<style></style>').appendTo('head').html(css + overrides); });" | sudo tee -a /Applications/Slack.app/Contents/Resources/app.asar.unpacked/src/static/ssb-interop.js; fi;