Skip to content

C
coopwire-hypothesis
Commit 92e49748 authored by Sean Hammond's avatar Sean Hammond Committed by GitHub
Browse files
Options

Merge pull request #523 from hypothesis/chrome-iframe-workaround 

Work around Chrome bug causing sidebar to become invisible
parents 973bc4da 325741fb
Show whitespace changes
Inline Side-by-side
Showing with 76 additions and 0 deletions
src/sidebar/app.js
View file @ 92e49748
'use strict';
var addAnalytics = require('./ga');
var disableOpenerForExternalLinks = require('./util/disable-opener-for-external-links');
var getApiUrl = require('./get-api-url');
var serviceConfig = require('./service-config');
require('../shared/polyfills');
......@@ -30,6 +31,9 @@ settings.apiUrl = getApiUrl(settings);
// _before_ Angular is require'd for the first time.
document.body.setAttribute('ng-csp', '');
// Prevent tab-jacking.
disableOpenerForExternalLinks(document.body);
var angular = require('angular');
// autofill-event relies on the existence of window.angular so
......
src/sidebar/util/disable-opener-for-external-links.js 0 → 100644
View file @ 92e49748
'use strict';
/**
* Prevent windows or tabs opened via links under `root` from accessing their
* opening `Window`.
*
* This makes links with `target="blank"` attributes act as if they also had
* the `rel="noopener"` [1] attribute set.
*
* In addition to preventing tab-jacking [2], this also enables multi-process
* browsers to more easily use a new process for instances of Hypothesis in the
* newly-opened tab and works around a bug in Chrome [3]
*
* [1] https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types#noopener
* [2] https://mathiasbynens.github.io/rel-noopener/
* [3] https://bugs.chromium.org/p/chromium/issues/detail?id=753314
*
* @param {Element} root - Root element
*/
function disableOpenerForExternalLinks(root) {
root.addEventListener('click', event => {
if (event.target.tagName === 'A') {
var linkEl = event.target;
if (linkEl.target === '_blank') {
linkEl.rel = 'noopener';
}
}
});
}
module.exports = disableOpenerForExternalLinks;
src/sidebar/util/test/disable-opener-for-external-links-test.js 0 → 100644
View file @ 92e49748
'use strict';
var disableOpenerForExternalLinks = require('../disable-opener-for-external-links');
describe('sidebar.util.disable-opener-for-external-links', () => {
var containerEl;
var linkEl;
beforeEach(() => {
containerEl = document.createElement('div');
linkEl = document.createElement('a');
containerEl.appendChild(linkEl);
document.body.appendChild(containerEl);
});
afterEach(() => {
containerEl.remove();
});
function clickLink() {
linkEl.dispatchEvent(new Event('click', {
bubbles: true,
cancelable: true,
}));
}
it('disables opener for external links', () => {
linkEl.target = '_blank';
disableOpenerForExternalLinks(containerEl);
clickLink();
assert.equal(linkEl.rel, 'noopener');
});
it('does not disable opener for internal links', () => {
disableOpenerForExternalLinks(containerEl);
clickLink();
assert.equal(linkEl.rel, '');
});
});
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment