QiFi - the pure JS WiFi QR Code Generator

Some time ago, the QR Code Generator - WiFi Access made quite some noise on the mighty Internet. Sure, it is cool to be able to share your WiFi-access with someone by just showing him a QR code he can scan on his phone and the phone will auto-connect to the WiFi. But I get a strange feeling telling someone I do not know my WiFi credentials. No, I do not mean my guests, I know them. I mean that shiny web-service that will generate a QR code for me. The geek in you will now say: "So? Open up a terminal, install qrencode, pipe it the string WIFI:S:<SSID>;T:<WPA|WEP|>;P:<password>;; and you got our QR code". Yeah, that works. But was it one or two semicolons at the end? And was it really just WPA even if my WiFi uses WPA2? Oh and how do I encode that umlaut again? I do not want to remember this. Thus, without too much rumble, may I present you: QiFi - the pure JS WiFi QR Code Generator. QiFi is a QR code generator for WiFi access in pure JavaScript. It will generate the QR code on your machine, in your browser, not leaking your precious credentials to anyone (but your guests). Don't trust me? Read the code. Fork the code. Host the code yourself. I hope you will find QiFi at least slightly useful ;-)


anon wrote on 2013-03-20 21:29:

Don’t do this, in-browser javascript security is useless, you can never be sure that the code you’re shown in view-source is really the code you end up executing.

What’s more, if you use this, you’re trusting google as well, since you’re pulling in javascript libraries from googleapis.com.

evgeni wrote on 2013-03-21 06:32:

1. Well, yes. view-source is for viewing the source I got from the server. If I want to debug/analyse an app like mine, I use the DOM inspector of my browser, that one can display the currently running code (markup, stylesheets, scripts) just fine. So yes, I can be sure. Plus you can use the network sniffer of your choice to verify no data-transfer whatsoever during generation.

2. I do actually trust Google on this one. But if you deliver me a patch to include jQuery directly, without having a static jquery.js copy in my code (thats why I use git submodules for the other libraries), I will merge it ASAP.

tomás zerolo wrote on 2013-03-21 08:19:

As anon put it: I do trust you, but I won’t trust my browser. Ever.

evgeni wrote on 2013-03-21 10:59:

Thanks for the trust :) But really: you can audit your browser and the code running in it — you cannot audit me ;)

Anyways, in that case the service does not seem like something for you, but neither are the other online QR generators.

stefan wrote on 2013-03-23 14:37:

Nice work.

If you are looking for something completely browserless, with autocompletion of available wifinetwork ssids, etc, have a look at qreator (https://launchpad.net/qreator).

Send your comments to evgeni+blogcomments@golov.de and I will publish them here (if you want).