Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / 9306b25afbf9d6c337a8818c98b694d0f8904f54 / . / dev / js / src / plugin / service.js
blob: aa00182126bbcdc06088c64f46b6c3accd634f9e [file] [log] [blame]
Akrone51eaa32020-11-10 09:35:53 +0100[diff] [blame]1"use strict";
2
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]3define(function () {
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]4
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]5 // Limit the supported sandbox permissions, especially
6 // to disallow 'same-origin'.
7 let allowed = {
8 "scripts" : 1,
9 "presentation" : 1,
10 "forms": 1,
11 "downloads-without-user-activation" : 1,
Akron8f1dbcf2022-12-21 12:09:39 +0100[diff] [blame]12 "downloads" : 1,
13 "popups" : 1
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]14 };
15
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]16 return {
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]17 create : function (data) {
18 return Object.create(this)._init(data);
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]19 },
20
21 // Initialize service
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]22 _init : function (data) {
23 if (!data || !data["name"] || !data["src"] || !data["id"])
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]24 throw Error("Service not well defined");
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]25
26 this.name = data["name"];
27 this.src = data["src"];
28 this.id = data["id"];
Akron3d013802020-10-07 15:03:38 +0200[diff] [blame]29 this.desc = data["desc"];
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]30 let _perm = new Set();
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]31 let perm = data["permissions"];
32 if (perm && Array.isArray(perm)) {
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]33 perm.forEach(function (p) {
34 if (p in allowed) {
35 _perm.add(p)
36 }
37 else {
38 KorAP.log(0, "Requested permission not allowed");
39 }
40 });
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]41 };
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]42
43 this._perm = _perm;
Akronfb11a962020-10-05 12:12:55 +0200[diff] [blame]44
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]45 // There is no close method defined yet
46 if (!this.close) {
47 this.close = function () {
48 this._closeIframe();
49 }
50 }
51
52 return this;
53 },
54
55 /**
56 * The element of the service as embedded in the panel
57 */
58 load : function () {
59 if (this._load)
60 return this._load;
Akron24f48ea2020-07-01 09:37:19 +0200[diff] [blame]61
62 if (window.location.protocol == 'https:' &&
63 this.src.toLowerCase().indexOf('https:') != 0) {
64 KorAP.log(0, "Service endpoint is insecure");
65 return;
66 };
67
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]68 // Spawn new iframe
69 let e = document.createElement('iframe');
70 e.setAttribute('allowTransparency',"true");
71 e.setAttribute('frameborder', 0);
hebasta78913242020-03-30 13:39:20 +0200[diff] [blame]72 // Allow forms in Plugins
Marc Kupietz1cd15692026-02-14 14:05:00 +0100[diff] [blame]73 let permissions = Array.from(this._perm).sort().map(function(i){ return "allow-"+i });
74 permissions.push("allow-same-origin");
75 e.setAttribute('sandbox', permissions.join(" "));
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]76 e.style.height = '0px';
77 e.setAttribute('name', this.id);
78 e.setAttribute('src', this.src);
79
80 this._load = e;
81 return e;
82 },
83
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]84 /**
85 * Send a message to the embedded service.
86 */
87 sendMsg : function (d) {
88 let iframe = this.load();
89 iframe.contentWindow.postMessage(
90 d,
91 '*'
92 ); // TODO: Fix origin
93 },
94
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]95 // onClose : function () {},
96
97 /**
98 * Close the service iframe.
99 */
100 _closeIframe : function () {
101 var e = this._load;
102 if (e && e.parentNode) {
103 e.parentNode.removeChild(e);
104 };
105 this._load = null;
106 }
107 };
108});