Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / c565b7c4aa7c431b8700a111f61f16b019dc65e8 / . / dev / js / src / plugin / service.js
blob: a76b2e4950d7d53e89f07fbc5f6f3b3b2b5d74ef [file] [log] [blame]
Akrone51eaa32020-11-10 09:35:53 +0100[diff] [blame]1"use strict";
2
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]3define(function () {
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]4
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]5 // Limit the supported sandbox permissions, especially
6 // to disallow 'same-origin'.
7 let allowed = {
8 "scripts" : 1,
9 "presentation" : 1,
10 "forms": 1,
11 "downloads-without-user-activation" : 1,
12 "downloads" : 1
13 };
14
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]15 return {
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]16 create : function (data) {
17 return Object.create(this)._init(data);
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]18 },
19
20 // Initialize service
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]21 _init : function (data) {
22 if (!data || !data["name"] || !data["src"] || !data["id"])
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]23 throw Error("Service not well defined");
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]24
25 this.name = data["name"];
26 this.src = data["src"];
27 this.id = data["id"];
Akron3d013802020-10-07 15:03:38 +0200[diff] [blame]28 this.desc = data["desc"];
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]29 let _perm = new Set();
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]30 let perm = data["permissions"];
31 if (perm && Array.isArray(perm)) {
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]32 perm.forEach(function (p) {
33 if (p in allowed) {
34 _perm.add(p)
35 }
36 else {
37 KorAP.log(0, "Requested permission not allowed");
38 }
39 });
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]40 };
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]41
42 this._perm = _perm;
Akronfb11a962020-10-05 12:12:55 +0200[diff] [blame]43
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]44 // There is no close method defined yet
45 if (!this.close) {
46 this.close = function () {
47 this._closeIframe();
48 }
49 }
50
51 return this;
52 },
53
54 /**
55 * The element of the service as embedded in the panel
56 */
57 load : function () {
58 if (this._load)
59 return this._load;
Akron24f48ea2020-07-01 09:37:19 +0200[diff] [blame]60
61 if (window.location.protocol == 'https:' &&
62 this.src.toLowerCase().indexOf('https:') != 0) {
63 KorAP.log(0, "Service endpoint is insecure");
64 return;
65 };
66
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]67 // Spawn new iframe
68 let e = document.createElement('iframe');
69 e.setAttribute('allowTransparency',"true");
70 e.setAttribute('frameborder', 0);
hebasta78913242020-03-30 13:39:20 +0200[diff] [blame]71 // Allow forms in Plugins
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]72 e.setAttribute('sandbox', Array.from(this._perm).sort().map(function(i){ return "allow-"+i }).join(" "));
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]73 e.style.height = '0px';
74 e.setAttribute('name', this.id);
75 e.setAttribute('src', this.src);
76
77 this._load = e;
78 return e;
79 },
80
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]81 /**
82 * Send a message to the embedded service.
83 */
84 sendMsg : function (d) {
85 let iframe = this.load();
86 iframe.contentWindow.postMessage(
87 d,
88 '*'
89 ); // TODO: Fix origin
90 },
91
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]92 // onClose : function () {},
93
94 /**
95 * Close the service iframe.
96 */
97 _closeIframe : function () {
98 var e = this._load;
99 if (e && e.parentNode) {
100 e.parentNode.removeChild(e);
101 };
102 this._load = null;
103 }
104 };
105});