Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / dbf7baef440ea787e6680651444f7fb59ab78cce / . / dev / js / src / plugin / service.js
blob: 4c91f6abeed8843b8f420ba58657997fb70ac22f [file] [log] [blame]
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]1define(function () {
2 "use strict";
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]3
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]4 // Limit the supported sandbox permissions, especially
5 // to disallow 'same-origin'.
6 let allowed = {
7 "scripts" : 1,
8 "presentation" : 1,
9 "forms": 1,
10 "downloads-without-user-activation" : 1,
11 "downloads" : 1
12 };
13
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]14 return {
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]15 create : function (data) {
16 return Object.create(this)._init(data);
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]17 },
18
19 // Initialize service
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]20 _init : function (data) {
21 if (!data || !data["name"] || !data["src"] || !data["id"])
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]22 throw Error("Service not well defined");
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]23
24 this.name = data["name"];
25 this.src = data["src"];
26 this.id = data["id"];
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]27 let _perm = new Set();
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]28 let perm = data["permissions"];
29 if (perm && Array.isArray(perm)) {
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]30 perm.forEach(function (p) {
31 if (p in allowed) {
32 _perm.add(p)
33 }
34 else {
35 KorAP.log(0, "Requested permission not allowed");
36 }
37 });
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]38 };
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]39
40 this._perm = _perm;
Akronfb11a962020-10-05 12:12:55 +0200[diff] [blame]41
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]42 // There is no close method defined yet
43 if (!this.close) {
44 this.close = function () {
45 this._closeIframe();
46 }
47 }
48
49 return this;
50 },
51
52 /**
53 * The element of the service as embedded in the panel
54 */
55 load : function () {
56 if (this._load)
57 return this._load;
Akron24f48ea2020-07-01 09:37:19 +0200[diff] [blame]58
59 if (window.location.protocol == 'https:' &&
60 this.src.toLowerCase().indexOf('https:') != 0) {
61 KorAP.log(0, "Service endpoint is insecure");
62 return;
63 };
64
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]65 // Spawn new iframe
66 let e = document.createElement('iframe');
67 e.setAttribute('allowTransparency',"true");
68 e.setAttribute('frameborder', 0);
hebasta78913242020-03-30 13:39:20 +0200[diff] [blame]69 // Allow forms in Plugins
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]70 e.setAttribute('sandbox', Array.from(this._perm).sort().map(function(i){ return "allow-"+i }).join(" "));
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]71 e.style.height = '0px';
72 e.setAttribute('name', this.id);
73 e.setAttribute('src', this.src);
74
75 this._load = e;
76 return e;
77 },
78
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]79 /**
80 * Send a message to the embedded service.
81 */
82 sendMsg : function (d) {
83 let iframe = this.load();
84 iframe.contentWindow.postMessage(
85 d,
86 '*'
87 ); // TODO: Fix origin
88 },
89
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]90 // onClose : function () {},
91
92 /**
93 * Close the service iframe.
94 */
95 _closeIframe : function () {
96 var e = this._load;
97 if (e && e.parentNode) {
98 e.parentNode.removeChild(e);
99 };
100 this._load = null;
101 }
102 };
103});