commit e8e2c9567cb6eeb4ba298f6b4d6a89a3bf022aa8
author Akron <nils@diewald-online.de> Wed Jul 04 13:43:12 2018 +0200
committer Akron <nils@diewald-online.de> Thu Jul 19 12:13:15 2018 +0200
tree fa366686304b0793d9555a5990f15dd17f9cfa22
parent a99315ec53fe03a1c776e395f1ce11d6e0f5ca7e

Fixed resizing of widgets

Change-Id: I566a28acbaa01cbcbf3a0adc55c3de879e2e8434

dev/js/src/plugin/server.js

diff --git a/dev/js/src/plugin/server.js b/dev/js/src/plugin/server.js
index d26de27..9401de6 100644
--- a/dev/js/src/plugin/server.js
+++ b/dev/js/src/plugin/server.js
@@ -11,18 +11,23 @@
 define(["plugin/widget", "util"], function (widgetClass) {
   "use strict";
 
-  // TODO:
-  //   This is a counter to limit acceptable incoming messages
-  //   to hundred. For every message, this will be decreased
-  //   (down to 0), for every second this will be increased
-  //   (up to 100).
-  var maxMessages = 100;
-  var limits = {};
-
   // Contains all widgets to address with
   // messages to them
   var widgets = {};
 
+  // This is a counter to limit acceptable incoming messages
+  // to a certain amount. For every message, this counter will
+  // be decreased (down to 0), for every second this will be
+  // increased (up to 100).
+  // Once a widget surpasses the limit, it will be killed
+  // and called suspicious.
+  var maxMessages = 100;
+  var limits = {};
+
+  // TODO:
+  //   It may be useful to establish a watcher that pings
+  //   all widgets every second to see if it is still alive.
+  
   return {
 
     /**
@@ -38,6 +43,10 @@
      */
     _init : function () {
 
+      // TODO:
+      //   It is better to establish the listener
+      //   only in case there is a widget
+
       var that = this;
       window.addEventListener("message", function (e) {
         that._receiveMsg(e);
@@ -55,7 +64,7 @@
     },
 
     /**
-     * Open a new widget on a certain element
+     * Open a new widget as a child to a certain element
      */
     addWidget : function (element, src) {
 
@@ -75,7 +84,9 @@
       );
     },
 
-    // Receive a call from an embedded iframe
+    // Receive a call from an embedded iframe.
+    // The handling needs to be very careful,
+    // as this can easily become a security nightmare.
     _receiveMsg : function (e) {
       // Get event data
       var d = e.data;
@@ -87,9 +98,6 @@
 
       // e.origin is probably set and okay - CHECK!
 
-      // TODO:
-      //   Deal with mad iframes
-
       // Get origin ID
       var id = d["originID"];
 
@@ -106,6 +114,9 @@
 
       // Check for message limits
       if (limits[id]-- < 0) {
+
+        // Kill widget
+        KorAP.log(0, 'Suspicious action from ' + widget.src);
         widget.shutdown();
         delete limits[id];
         delete widgets[id];
@@ -114,7 +125,6 @@
 
       // Resize the iframe
       if (d.action === 'resize') {
-
         widget.resize(d);
       }