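define(function () {
  "use strict";

  // Allowlist of sandbox permissions a service may request, written
  // without the "allow-" prefix. 'same-origin' is deliberately absent:
  // combined with 'scripts' it would let same-origin embedded content
  // reach the embedding page and lift its own sandbox.
  // A Set is used instead of a plain object so that membership is an
  // exact match on own string values only: inherited object keys such as
  // "toString" or "constructor" and non-string values that merely coerce
  // to an allowed name are rejected.
  const allowed = new Set([
    "scripts",
    "presentation",
    "forms",
    "downloads-without-user-activation",
    "downloads"
  ]);

  return {

    /**
     * Create a new service object.
     *
     * @param {Object} data - Service definition with "name", "src" and
     *   "id", and an optional "permissions" array.
     * @returns {Object} The initialized service.
     * @throws {Error} If name, src or id are missing.
     */
    create : function (data) {
      return Object.create(this)._init(data);
    },

    /**
     * Initialize the service from its definition.
     *
     * Requested permissions are filtered against the allowlist; anything
     * else is dropped and logged, so the sandbox attribute built in
     * load() can only contain allowlisted tokens.
     */
    _init : function (data) {
      if (!data || !data["name"] || !data["src"] || !data["id"])
        throw new Error("Service not well defined");

      this.name = data["name"];
      this.src = data["src"];
      this.id = data["id"];

      const granted = new Set();
      const requested = data["permissions"];
      if (Array.isArray(requested)) {
        requested.forEach(function (p) {
          if (typeof p === "string" && allowed.has(p)) {
            granted.add(p);
          }
          else {
            KorAP.log(0, "Requested permission not allowed");
          }
        });
      }

      this._perm = granted;

      // There is no close method defined yet
      if (!this.close) {
        this.close = function () {
          this._closeIframe();
        };
      }

      return this;
    },

    /**
     * The element of the service as embedded in the panel.
     *
     * @returns {Element|undefined} The (cached) iframe, or undefined when
     *   the host page is served via https and the service src does not
     *   start with "https:".
     */
    load : function () {
      if (this._load)
        return this._load;

      // Refuse mixed content. This is only enforced when the host page
      // itself is https; on other pages the src is used as given.
      if (window.location.protocol === 'https:' &&
          this.src.toLowerCase().indexOf('https:') !== 0) {
        KorAP.log(0, "Service endpoint is insecure");
        return;
      }

      // Spawn new iframe
      const e = document.createElement('iframe');
      e.setAttribute('allowTransparency', "true");
      e.setAttribute('frameborder', 0);

      // Build the sandbox attribute from the filtered permissions only.
      // With no permissions the attribute is empty, which applies every
      // sandbox restriction.
      e.setAttribute(
        'sandbox',
        Array.from(this._perm).sort().map(function (i) {
          return "allow-" + i;
        }).join(" ")
      );
      e.style.height = '0px';
      e.setAttribute('name', this.id);
      e.setAttribute('src', this.src);

      this._load = e;
      return e;
    },

    /**
     * Send a message to the embedded service.
     *
     * Nothing is sent when load() refused the endpoint or the iframe has
     * no window yet (e.g. it is not attached to the document).
     *
     * @param {*} d - The message payload.
     */
    sendMsg : function (d) {
      const iframe = this.load();
      if (!iframe || !iframe.contentWindow)
        return;

      // TODO: Fix origin
      // NOTE(review): the frame is sandboxed without 'allow-same-origin',
      // so its document has an opaque origin and a concrete targetOrigin
      // would never match - '*' is what makes delivery work here. The
      // consequence is that whatever document is loaded in the frame can
      // read the payload, so messages should not carry secrets.
      iframe.contentWindow.postMessage(d, '*');
    },

    // onClose : function () {},

    /**
     * Close the service iframe: detach it from the document (if attached)
     * and drop the cached element.
     */
    _closeIframe : function () {
      const e = this._load;
      if (e && e.parentNode) {
        e.parentNode.removeChild(e);
      }
      this._load = null;
    }
  };
});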