Support different sandbox permissions on plugin registration (Fixes #112)
Change-Id: I0f99e378c44c6e53ac0a2f75727311864e73bf82
diff --git a/dev/js/src/plugin/server.js b/dev/js/src/plugin/server.js
index 7f9bc85..2422892 100644
--- a/dev/js/src/plugin/server.js
+++ b/dev/js/src/plugin/server.js
@@ -153,6 +153,8 @@
let url = onClick["template"];
// that._interpolateURI(onClick["template"], this.match);
+ let perm = onClick["permissions"];
+
// The button has a state and the state is associated to the
// a intermediate object to toggle the view
if ('state' in this.button && this.button.state.associates() > 0) {
@@ -182,7 +184,7 @@
};
// Add the widget to the panel
- let id = that.addWidget(this, name, url);
+ let id = that.addWidget(this, name, url, perm);
plugin["widgets"].push(id);
// If a state exists, associate with a mediator object
@@ -247,6 +249,8 @@
// Add the service
let id = this.addService(name, url);
+ let perm = onClick["permissions"];
+
// TODO:
// This is a bit stupid to get the service window
let service = services[id];
@@ -334,7 +338,7 @@
/**
* Add a service in a certain panel and return the id.
*/
- addService : function (name, src) {
+ addService : function (name, src, permissions) {
if (!src)
return;
@@ -342,6 +346,9 @@
// Create a new service
let service = serviceClass.create(name, src, id);
+ if (permissions != undefined) {
+ service.allow(permissions);
+ };
services[id] = service;
limits[id] = maxMessages;
@@ -359,12 +366,15 @@
* Open a new widget view in a certain panel and return
* the id.
*/
- addWidget : function (panel, name, src) {
+ addWidget : function (panel, name, src, permissions) {
let id = this._getServiceID();
// Create a new widget
var widget = widgetClass.create(name, src, id);
+ if (permissions != undefined) {
+ widget.allow(permissions);
+ };
// Store the widget based on the identifier
services[id] = widget;
diff --git a/dev/js/src/plugin/service.js b/dev/js/src/plugin/service.js
index 3152f38..4029349 100644
--- a/dev/js/src/plugin/service.js
+++ b/dev/js/src/plugin/service.js
@@ -13,7 +13,8 @@
this.name = name;
this.src = src;
this.id = id;
-
+ this._perm = new Set();
+
// There is no close method defined yet
if (!this.close) {
this.close = function () {
@@ -42,7 +43,7 @@
e.setAttribute('allowTransparency',"true");
e.setAttribute('frameborder', 0);
// Allow forms in Plugins
- e.setAttribute('sandbox','allow-scripts allow-forms');
+ e.setAttribute('sandbox', this._permString());
e.style.height = '0px';
e.setAttribute('name', this.id);
e.setAttribute('src', this.src);
@@ -51,6 +52,25 @@
return e;
},
+ allow : function (permission) {
+ if (Array.isArray(permission)) {
+ permission.forEach(
+ p => this._perm.add(p)
+ );
+ }
+ else {
+ this._perm.add(permission);
+ };
+
+ if (this._load) {
+ this._load.setAttribute('sandbox', this._permString());
+ }
+ },
+
+ _permString : function () {
+ return Array.from(this._perm).sort().join(" ");
+ },
+
/**
* Send a message to the embedded service.
*/