Commit 3e8d9d68 authored by Alejandro Celaya's avatar Alejandro Celaya Committed by Alejandro Celaya

Add noop setter to sidebar iframe allow attribute

parent ef21b690
...@@ -89,9 +89,12 @@ export function createSidebarIframe(config: SidebarConfig): HTMLIFrameElement { ...@@ -89,9 +89,12 @@ export function createSidebarIframe(config: SidebarConfig): HTMLIFrameElement {
// In viahtml, pywb uses wombat.js, which monkey-patches some JS methods. // In viahtml, pywb uses wombat.js, which monkey-patches some JS methods.
// One of those causes the `allow` attribute to be overwritten, so we want to // One of those causes the `allow` attribute to be overwritten, so we want to
// make it non-writable to preserve the permissions we set above. // define a noop setter to preserve the permissions we set above.
// We can remove this workaround once pywb has been updated to use the latest
// version of wombat.js, which includes a fix for this.
// See https://github.com/webrecorder/wombat/pull/134
return Object.defineProperty(sidebarFrame, 'allow', { return Object.defineProperty(sidebarFrame, 'allow', {
writable: false, set: () => {},
}); });
} }
......
...@@ -1142,10 +1142,11 @@ describe('Sidebar', () => { ...@@ -1142,10 +1142,11 @@ describe('Sidebar', () => {
describe('createSidebarIframe', () => { describe('createSidebarIframe', () => {
it('does not let `allow` attribute to be overwritten', () => { it('does not let `allow` attribute to be overwritten', () => {
const iframe = createSidebarIframe({ sidebarAppUrl: 'https://foo.com' }); const iframe = createSidebarIframe({ sidebarAppUrl: 'https://foo.com' });
const initialAllow = iframe.allow;
assert.throws(() => {
iframe.allow = 'something else'; iframe.allow = 'something else';
}, "Cannot assign to read only property 'allow' of object '#<HTMLIFrameElement>'");
assert.equal(iframe.allow, initialAllow);
}); });
}); });
}); });
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment