macchiato
/
pages
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

support custom csp and nested sandboxes

Browse Source
file-group-page
bat 3 years ago
parent 598ee5079b
commit d5a477b534
2 changed files with 27 additions and 22 deletions
Show Stats Download Patch File Download Diff File

24
components/layout.js
Unescape Escape View File

@ -2,18 +2,9 @@ export class Layout extends HTMLElement {
constructor() { constructor() {
super() super()
this.attachShadow({mode: 'open'}) this.attachShadow({mode: 'open'})
this.header = document.createElement('m-header') this.csp = "default-src 'self' 'unsafe-inline' 'unsafe-eval'"
this.editing = false this.editing = false
this.header.editing = this.editing this.header = document.createElement('m-header')
this.header.addEventListener('click-edit', () => {
this.editing = !this.editing
this.header.editing = this.editing
})
this.shadowRoot.appendChild(this.header)
this.load()
addEventListener('hashchange', () => {
this.load()
})
} }
connectedCallback() { connectedCallback() {
@ -30,12 +21,23 @@ export class Layout extends HTMLElement {
} }
` `
this.shadowRoot.appendChild(style) this.shadowRoot.appendChild(style)
this.header.editing = this.editing
this.header.addEventListener('click-edit', () => {
this.editing = !this.editing
this.header.editing = this.editing
})
this.shadowRoot.appendChild(this.header)
this.load()
addEventListener('hashchange', () => {
this.load()
})
} }
load() { load() {
const path = this.path const path = this.path
const prevPage = this.page const prevPage = this.page
this.page = document.createElement('m-page') this.page = document.createElement('m-page')
this.page.csp = this.csp
this.page.path = path this.page.path = path
if (prevPage !== undefined) { if (prevPage !== undefined) {
prevPage.remove() prevPage.remove()

13
components/page.js
Unescape Escape View File

@ -35,6 +35,7 @@ export class Page extends HTMLElement {
constructor() { constructor() {
super() super()
const shadow = this.attachShadow({mode: 'open'}) const shadow = this.attachShadow({mode: 'open'})
this.csp = "default-src 'self' 'unsafe-inline' 'unsafe-eval'"
this.textArea = document.createElement('textarea') this.textArea = document.createElement('textarea')
this.textArea.addEventListener('input', e => { this.textArea.addEventListener('input', e => {
this.body = e.target.value this.body = e.target.value
@ -80,16 +81,18 @@ export class Page extends HTMLElement {
const wrap = document.createElement('div') const wrap = document.createElement('div')
this.shadowRoot.appendChild(wrap) this.shadowRoot.appendChild(wrap)
const tmp = document.createElement('iframe') const tmp = document.createElement('iframe')
if (this.csp !== undefined) {
tmp.sandbox = "allow-same-origin allow-scripts" tmp.sandbox = "allow-same-origin allow-scripts"
const url = new URL( const url = new URL(
'/-/frame', location.href '/-/frame', location.href
) )
url.searchParams.set( url.searchParams.set('csp', this.csp)
'csp',
"default-src 'self' 'unsafe-inline' 'unsafe-eval'"
)
url.searchParams.set('html', frameHtml) url.searchParams.set('html', frameHtml)
tmp.src = url.href tmp.src = url.href
} else {
tmp.sandbox = "allow-scripts"
tmp.srcdoc = frameHtml
}
wrap.insertAdjacentHTML( wrap.insertAdjacentHTML(
'beforeend', tmp.outerHTML 'beforeend', tmp.outerHTML
) )
@ -97,7 +100,7 @@ export class Page extends HTMLElement {
this.frame = frames[frames.length - 1] this.frame = frames[frames.length - 1]
this.textArea.addEventListener('blur', e => { this.textArea.addEventListener('blur', e => {
const msg = ['srcdoc', e.target.value] const msg = ['srcdoc', e.target.value]
this.frame.contentWindow.postMessage(msg) this.frame.contentWindow.postMessage(msg, '*')
}) })
} }

Write Preview
Loading…
Cancel
Save