@lvce-editor/iframe-worker 1.0.0 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/dist/iframeWorkerMain.js +88 -2
  2. package/package.json +1 -1
package/dist/iframeWorkerMain.js CHANGED
@@ -1,3 +1,22 @@
1
+ const SemiColon = ';';
2
+ const Space = ' ';
3
+
4
+ const addSemicolon = line => {
5
+ return line + SemiColon;
6
+ };
7
+
8
+ const getContentSecurityPolicy = items => {
9
+ return items.map(addSemicolon).join(Space);
10
+ };
11
+
12
+ const getWebViewCsp = webView => {
13
+ if (webView && webView.contentSecurityPolicy) {
14
+ return getContentSecurityPolicy(webView.contentSecurityPolicy);
15
+ }
16
+ const csp = getContentSecurityPolicy([`default-src 'none'`, `script-src 'self'`, `style-src 'self'`, `img-src 'self'`, `media-src 'self'`]);
17
+ return csp;
18
+ };
19
+
1
20
  const createUrl = (protocol, host) => {
2
21
  return protocol + '//' + host;
3
22
  };
@@ -7,6 +26,70 @@ const getWebViewFrameAncestors = (locationProtocol, locationHost) => {
7
26
  return frameAncestors;
8
27
  };
9
28
 
29
+ const Web = 1;
30
+ const Electron = 2;
31
+ const Remote = 3;
32
+ const Test = 4;
33
+
34
+ /* istanbul ignore file */
35
+
36
+ // TODO this should always be completely tree shaken out during build, maybe need to be marked as @__Pure for terser to work
37
+
38
+ // TODO treeshake this function out when targeting electron
39
+
40
+ /**
41
+ * @returns {number}
42
+ */
43
+ const getPlatform = () => {
44
+ // @ts-ignore
45
+ if (typeof PLATFORM !== 'undefined') {
46
+ // @ts-ignore
47
+ return PLATFORM;
48
+ }
49
+ if (typeof process !== 'undefined' && process.env.NODE_ENV === 'test') {
50
+ return Test;
51
+ }
52
+ // TODO find a better way to pass runtime environment
53
+ if (typeof name !== 'undefined' && name.endsWith('(Electron)')) {
54
+ return Electron;
55
+ }
56
+ if (typeof name !== 'undefined' && name.endsWith('(Web)')) {
57
+ return Web;
58
+ }
59
+ return Remote;
60
+ };
61
+ const platform = getPlatform();
62
+
63
+ const WebView = 'lvce-oss-webview';
64
+
65
+ const getWebViewOrigin = webViewPort => {
66
+ // TODO don't hardcode protocol
67
+ let origin = '';
68
+ if (platform === Electron) {
69
+ origin = `${WebView}://-/`;
70
+ } else if (platform === Remote) {
71
+ origin = `http://localhost:${webViewPort}`;
72
+ } else {
73
+ origin = '*'; // TODO
74
+ }
75
+ return origin;
76
+ };
77
+
78
+ const AllowScripts = 'allow-scripts';
79
+ const AllowSameOrigin = 'allow-same-origin';
80
+
81
+ const getIframeSandbox = (webView, platform) => {
82
+ const extensionSandbox = webView.sandbox || [];
83
+ if (platform === Remote) {
84
+ return [AllowScripts, AllowSameOrigin, ...extensionSandbox]; // TODO maybe disallow same origin
85
+ }
86
+ if (platform === Web) {
87
+ return [AllowScripts, ...extensionSandbox];
88
+ }
89
+ // TODO set something for electron
90
+ return [...extensionSandbox];
91
+ };
92
+
10
93
  const getOrigin = () => {
11
94
  return location.origin;
12
95
  };
@@ -18,10 +101,13 @@ const getProtocol = () => {
18
101
  };
19
102
 
20
103
  const commandMap = {
21
- 'Location.getProtocol': getProtocol,
22
104
  'Location.getHost': getHost,
23
105
  'Location.getOrigin': getOrigin,
24
- 'WebView.getFrameAncestors': getWebViewFrameAncestors
106
+ 'Location.getProtocol': getProtocol,
107
+ 'WebView.getFrameAncestors': getWebViewFrameAncestors,
108
+ 'WebView.getOrigin': getWebViewOrigin,
109
+ 'WebView.getSandbox': getIframeSandbox,
110
+ 'WebView.getWebViewCsp': getWebViewCsp
25
111
  };
26
112
 
27
113
  const state = {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lvce-editor/iframe-worker",
3
- "version": "1.0.0",
3
+ "version": "1.1.0",
4
4
  "description": "",
5
5
  "main": "dist/iframeWorkerMain.js",
6
6
  "type": "module",