Commit 4dff8d67 authored by Juan Corona's avatar Juan Corona Committed by Juan Corona

Pass the config object from the top to the lower sub-frame levels

This means that sub-frames will get injected with the same set of whitelisted config values from the top level.
It’s good that there’s a whitelisting of the config before reaching this point, so there’s less of a security concern with the injection

This was done so I can have the sub-frame guests read the `config.showHighlights` option in order to set the initial highlight visibility at that level.
parent 2fc675f6
......@@ -83,8 +83,7 @@ module.exports = class Guest extends Delegator
this.anchors = []
cfOptions =
enableMultiFrameSupport: config.enableMultiFrameSupport
embedScriptUrl: config.embedScriptUrl
config: config
on: (event, handler) =>
this.subscribe(event, handler)
emit: (event, args...) =>
......
......@@ -22,6 +22,7 @@ module.exports = class CrossFrame extends Plugin
constructor: (elem, options) ->
super
config = options.config
opts = extract(options, 'server')
discovery = new Discovery(window, opts)
......@@ -36,7 +37,7 @@ module.exports = class CrossFrame extends Plugin
bridge.createChannel(source, origin, token)
discovery.startDiscovery(onDiscoveryCallback)
if options.enableMultiFrameSupport
if config.enableMultiFrameSupport
frameObserver.observe(_injectToFrame, _iframeUnloaded);
this.destroy = ->
......@@ -60,8 +61,11 @@ module.exports = class CrossFrame extends Plugin
_injectToFrame = (frame) ->
if !FrameUtil.hasHypothesis(frame)
# Take the embed script location from the config
# until an alternative solution comes around.
embedScriptUrl = config.embedScriptUrl
FrameUtil.isLoaded frame, () ->
FrameUtil.injectHypothesis(frame, options.embedScriptUrl)
FrameUtil.injectHypothesis(frame, embedScriptUrl, config)
_iframeUnloaded = (frame) ->
# TODO: Bridge call here not yet implemented, placeholder for now
......
......@@ -16,6 +16,7 @@ describe 'CrossFrame', ->
createCrossFrame = (options) ->
defaults =
config: {}
on: sandbox.stub()
emit: sandbox.stub()
element = document.createElement('div')
......
......@@ -39,8 +39,10 @@ describe('CrossFrame multi-frame scenario', function () {
document.body.appendChild(container);
options = {
enableMultiFrameSupport: true,
embedScriptUrl: 'data:,', // empty data uri
config: {
enableMultiFrameSupport: true,
embedScriptUrl: 'data:,', // empty data uri
},
on: sandbox.stub(),
emit: sandbox.stub(),
};
......@@ -110,7 +112,7 @@ describe('CrossFrame multi-frame scenario', function () {
isLoaded(frame, function () {
var scriptElement = frame.contentDocument.querySelector('script[src]');
assert(scriptElement, 'expected embed script to be injected');
assert.equal(scriptElement.src, options.embedScriptUrl,
assert.equal(scriptElement.src, options.config.embedScriptUrl,
'unexpected embed script source');
resolve();
});
......
......@@ -12,20 +12,21 @@ function hasHypothesis (iframe) {
}
// Inject embed.js into the iframe
function injectHypothesis (iframe, scriptUrl) {
var config = document.createElement('script');
config.className = 'js-hypothesis-config';
config.type = 'application/json';
config.innerText = '{"enableMultiFrameSupport": true, "subFrameInstance": true}';
function injectHypothesis (iframe, scriptUrl, config) {
var configElement = document.createElement('script');
configElement.className = 'js-hypothesis-config';
configElement.type = 'application/json';
var configObject = Object.assign({}, config, {subFrameInstance: true});
configElement.innerText = JSON.stringify(configObject);
var src = scriptUrl;
var embed = document.createElement('script');
embed.className = 'js-hypothesis-embed';
embed.async = true;
embed.src = src;
var embedElement = document.createElement('script');
embedElement.className = 'js-hypothesis-embed';
embedElement.async = true;
embedElement.src = src;
iframe.contentDocument.body.appendChild(config);
iframe.contentDocument.body.appendChild(embed);
iframe.contentDocument.body.appendChild(configElement);
iframe.contentDocument.body.appendChild(embedElement);
}
// Check if we can access this iframe's document
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment