Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
C
coopwire-hypothesis
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
孙灵跃 Leon Sun
coopwire-hypothesis
Commits
92e49748
Commit
92e49748
authored
Sep 05, 2017
by
Sean Hammond
Committed by
GitHub
Sep 05, 2017
Browse files
Options
Browse Files
Download
Plain Diff
Merge pull request #523 from hypothesis/chrome-iframe-workaround
Work around Chrome bug causing sidebar to become invisible
parents
973bc4da
325741fb
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
76 additions
and
0 deletions
+76
-0
app.js
src/sidebar/app.js
+4
-0
disable-opener-for-external-links.js
src/sidebar/util/disable-opener-for-external-links.js
+31
-0
disable-opener-for-external-links-test.js
...debar/util/test/disable-opener-for-external-links-test.js
+41
-0
No files found.
src/sidebar/app.js
View file @
92e49748
'use strict'
;
'use strict'
;
var
addAnalytics
=
require
(
'./ga'
);
var
addAnalytics
=
require
(
'./ga'
);
var
disableOpenerForExternalLinks
=
require
(
'./util/disable-opener-for-external-links'
);
var
getApiUrl
=
require
(
'./get-api-url'
);
var
getApiUrl
=
require
(
'./get-api-url'
);
var
serviceConfig
=
require
(
'./service-config'
);
var
serviceConfig
=
require
(
'./service-config'
);
require
(
'../shared/polyfills'
);
require
(
'../shared/polyfills'
);
...
@@ -30,6 +31,9 @@ settings.apiUrl = getApiUrl(settings);
...
@@ -30,6 +31,9 @@ settings.apiUrl = getApiUrl(settings);
// _before_ Angular is require'd for the first time.
// _before_ Angular is require'd for the first time.
document
.
body
.
setAttribute
(
'ng-csp'
,
''
);
document
.
body
.
setAttribute
(
'ng-csp'
,
''
);
// Prevent tab-jacking.
disableOpenerForExternalLinks
(
document
.
body
);
var
angular
=
require
(
'angular'
);
var
angular
=
require
(
'angular'
);
// autofill-event relies on the existence of window.angular so
// autofill-event relies on the existence of window.angular so
...
...
src/sidebar/util/disable-opener-for-external-links.js
0 → 100644
View file @
92e49748
'use strict'
;
/**
* Prevent windows or tabs opened via links under `root` from accessing their
* opening `Window`.
*
* This makes links with `target="blank"` attributes act as if they also had
* the `rel="noopener"` [1] attribute set.
*
* In addition to preventing tab-jacking [2], this also enables multi-process
* browsers to more easily use a new process for instances of Hypothesis in the
* newly-opened tab and works around a bug in Chrome [3]
*
* [1] https://developer.mozilla.org/en-US/docs/Web/HTML/Link_types#noopener
* [2] https://mathiasbynens.github.io/rel-noopener/
* [3] https://bugs.chromium.org/p/chromium/issues/detail?id=753314
*
* @param {Element} root - Root element
*/
function
disableOpenerForExternalLinks
(
root
)
{
root
.
addEventListener
(
'click'
,
event
=>
{
if
(
event
.
target
.
tagName
===
'A'
)
{
var
linkEl
=
event
.
target
;
if
(
linkEl
.
target
===
'_blank'
)
{
linkEl
.
rel
=
'noopener'
;
}
}
});
}
module
.
exports
=
disableOpenerForExternalLinks
;
src/sidebar/util/test/disable-opener-for-external-links-test.js
0 → 100644
View file @
92e49748
'use strict'
;
var
disableOpenerForExternalLinks
=
require
(
'../disable-opener-for-external-links'
);
describe
(
'sidebar.util.disable-opener-for-external-links'
,
()
=>
{
var
containerEl
;
var
linkEl
;
beforeEach
(()
=>
{
containerEl
=
document
.
createElement
(
'div'
);
linkEl
=
document
.
createElement
(
'a'
);
containerEl
.
appendChild
(
linkEl
);
document
.
body
.
appendChild
(
containerEl
);
});
afterEach
(()
=>
{
containerEl
.
remove
();
});
function
clickLink
()
{
linkEl
.
dispatchEvent
(
new
Event
(
'click'
,
{
bubbles
:
true
,
cancelable
:
true
,
}));
}
it
(
'disables opener for external links'
,
()
=>
{
linkEl
.
target
=
'_blank'
;
disableOpenerForExternalLinks
(
containerEl
);
clickLink
();
assert
.
equal
(
linkEl
.
rel
,
'noopener'
);
});
it
(
'does not disable opener for internal links'
,
()
=>
{
disableOpenerForExternalLinks
(
containerEl
);
clickLink
();
assert
.
equal
(
linkEl
.
rel
,
''
);
});
});
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment