Gitiles
Code Review Sign In
korap.ids-mannheim.de / KorAP / Kalamar / ff1b1f378634022838a4f8ef921f73da14704b9e / . / dev / js / src / plugin / service.js
blob: 3a39c4d75b01feabe1cf899db396f4e5760d4a4b [file] [log] [blame]
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]1define(function () {
2 "use strict";
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]3
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]4 // Limit the supported sandbox permissions, especially
5 // to disallow 'same-origin'.
6 let allowed = {
7 "scripts" : 1,
8 "presentation" : 1,
9 "forms": 1,
10 "downloads-without-user-activation" : 1,
11 "downloads" : 1
12 };
13
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]14 return {
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]15 create : function (data) {
16 return Object.create(this)._init(data);
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]17 },
18
19 // Initialize service
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]20 _init : function (data) {
21 if (!data || !data["name"] || !data["src"] || !data["id"])
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]22 throw Error("Service not well defined");
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]23
24 this.name = data["name"];
25 this.src = data["src"];
26 this.id = data["id"];
Akron3d013802020-10-07 15:03:38 +0200[diff] [blame]27 this.desc = data["desc"];
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]28 let _perm = new Set();
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]29 let perm = data["permissions"];
30 if (perm && Array.isArray(perm)) {
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]31 perm.forEach(function (p) {
32 if (p in allowed) {
33 _perm.add(p)
34 }
35 else {
36 KorAP.log(0, "Requested permission not allowed");
37 }
38 });
Akronbb891982020-10-05 16:07:18 +0200[diff] [blame]39 };
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]40
41 this._perm = _perm;
Akronfb11a962020-10-05 12:12:55 +0200[diff] [blame]42
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]43 // There is no close method defined yet
44 if (!this.close) {
45 this.close = function () {
46 this._closeIframe();
47 }
48 }
49
50 return this;
51 },
52
53 /**
54 * The element of the service as embedded in the panel
55 */
56 load : function () {
57 if (this._load)
58 return this._load;
Akron24f48ea2020-07-01 09:37:19 +0200[diff] [blame]59
60 if (window.location.protocol == 'https:' &&
61 this.src.toLowerCase().indexOf('https:') != 0) {
62 KorAP.log(0, "Service endpoint is insecure");
63 return;
64 };
65
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]66 // Spawn new iframe
67 let e = document.createElement('iframe');
68 e.setAttribute('allowTransparency',"true");
69 e.setAttribute('frameborder', 0);
hebasta78913242020-03-30 13:39:20 +0200[diff] [blame]70 // Allow forms in Plugins
Akronce0d8822020-10-05 16:25:40 +0200[diff] [blame]71 e.setAttribute('sandbox', Array.from(this._perm).sort().map(function(i){ return "allow-"+i }).join(" "));
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]72 e.style.height = '0px';
73 e.setAttribute('name', this.id);
74 e.setAttribute('src', this.src);
75
76 this._load = e;
77 return e;
78 },
79
Akronc3003642020-03-30 10:19:14 +0200[diff] [blame]80 /**
81 * Send a message to the embedded service.
82 */
83 sendMsg : function (d) {
84 let iframe = this.load();
85 iframe.contentWindow.postMessage(
86 d,
87 '*'
88 ); // TODO: Fix origin
89 },
90
Akron22598cd2019-12-09 14:59:03 +0100[diff] [blame]91 // onClose : function () {},
92
93 /**
94 * Close the service iframe.
95 */
96 _closeIframe : function () {
97 var e = this._load;
98 if (e && e.parentNode) {
99 e.parentNode.removeChild(e);
100 };
101 this._load = null;
102 }
103 };
104});