Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / f134a963ec04a9f43ba5ba2b82e8da79869a18a8 / . / dev / js / src / plugin / service.js
blob: d6af83e449442733617997c066572179d1b3d309 [file] [log] [blame]
Akrone51eaa32020-11-10 09:35:53 +0100[diff] [blame]1"use strict";
2
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]3define(function () {
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]4
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]5 // Limit the supported sandbox permissions, especially
6 // to disallow 'same-origin'.
7 let allowed = {
8 "scripts" : 1,
9 "presentation" : 1,
10 "forms": 1,
11 "downloads-without-user-activation" : 1,
Akron8f1dbcf2022-12-21 12:09:39 +0100[diff] [blame]12 "downloads" : 1,
13 "popups" : 1
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]14 };
15
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]16 return {
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]17 create : function (data) {
18 return Object.create(this)._init(data);
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]19 },
20
21 // Initialize service
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]22 _init : function (data) {
23 if (!data || !data["name"] || !data["src"] || !data["id"])
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]24 throw Error("Service not well defined");
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]25
26 this.name = data["name"];
27 this.src = data["src"];
28 this.id = data["id"];
Akron3d013802020-10-07 15:03:38 +0200[diff] [blame]29 this.desc = data["desc"];
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]30 let _perm = new Set();
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]31 let perm = data["permissions"];
32 if (perm && Array.isArray(perm)) {
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]33 perm.forEach(function (p) {
34 if (p in allowed) {
35 _perm.add(p)
36 }
37 else {
38 KorAP.log(0, "Requested permission not allowed");
39 }
40 });
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]41 };
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]42
43 this._perm = _perm;
Akronfb11a962020-10-05 12:12:55 +0200[diff] [blame]44
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]45 // There is no close method defined yet
46 if (!this.close) {
47 this.close = function () {
48 this._closeIframe();
49 }
50 }
51
52 return this;
53 },
54
55 /**
56 * The element of the service as embedded in the panel
57 */
58 load : function () {
59 if (this._load)
60 return this._load;
Akron24f48ea2020-07-01 09:37:19 +0200[diff] [blame]61
62 if (window.location.protocol == 'https:' &&
63 this.src.toLowerCase().indexOf('https:') != 0) {
64 KorAP.log(0, "Service endpoint is insecure");
65 return;
66 };
67
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]68 // Spawn new iframe
69 let e = document.createElement('iframe');
70 e.setAttribute('allowTransparency',"true");
71 e.setAttribute('frameborder', 0);
hebasta78913242020-03-30 13:39:20 +0200[diff] [blame]72 // Allow forms in Plugins
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]73 e.setAttribute('sandbox', Array.from(this._perm).sort().map(function(i){ return "allow-"+i }).join(" "));
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]74 e.style.height = '0px';
75 e.setAttribute('name', this.id);
76 e.setAttribute('src', this.src);
77
78 this._load = e;
79 return e;
80 },
81
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]82 /**
83 * Send a message to the embedded service.
84 */
85 sendMsg : function (d) {
86 let iframe = this.load();
87 iframe.contentWindow.postMessage(
88 d,
89 '*'
90 ); // TODO: Fix origin
91 },
92
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]93 // onClose : function () {},
94
95 /**
96 * Close the service iframe.
97 */
98 _closeIframe : function () {
99 var e = this._load;
100 if (e && e.parentNode) {
101 e.parentNode.removeChild(e);
102 };
103 this._load = null;
104 }
105 };
106});