X-Git-Url: http://source.bookstackapp.com/bookstack/blobdiff_plain/a6633642232efd164d4708967ab59e498fbff896..refs/heads/ldap_host_failover:/resources/js/services/drawio.js
diff --git a/resources/js/services/drawio.js b/resources/js/services/drawio.js
index 17e57cd6b..dfca83211 100644
--- a/resources/js/services/drawio.js
+++ b/resources/js/services/drawio.js
@@ -1,5 +1,5 @@
 let iFrame = null;
-
+let lastApprovedOrigin;
 let onInit, onSave;
 /**
@@ -19,15 +19,22 @@ function show(drawioUrl, onInitCallback, onSaveCallback) {
 iFrame.setAttribute('class', 'fullscreen');
 iFrame.style.backgroundColor = '#FFFFFF';
 document.body.appendChild(iFrame);
+ lastApprovedOrigin = (new URL(drawioUrl)).origin;
 }
 function close() {
 drawEventClose();
 }
+/**
+ * Receive and handle a message event from the draw.io window.
+ * @param {MessageEvent} event
+ */
 function drawReceive(event) {
 if (!event.data || event.data.length < 1) return;
- let message = JSON.parse(event.data);
+ if (event.origin !== lastApprovedOrigin) return;
+
+ const message = JSON.parse(event.data);
 if (message.event === 'init') {
 drawEventInit();
 } else if (message.event === 'exit') {
@@ -36,6 +43,8 @@ function drawReceive(event) {
 drawEventSave(message);
 } else if (message.event === 'export') {
 drawEventExport(message);
+ } else if (message.event === 'configure') {
+ drawEventConfigure();
 }
 }
@@ -56,13 +65,19 @@ function drawEventInit() {
 });
 }
+function drawEventConfigure() {
+ const config = {};
+ window.$events.emitPublic(iFrame, 'editor-drawio::configure', {config});
+ drawPostMessage({action: 'configure', config});
+}
+
 function drawEventClose() {
 window.removeEventListener('message', drawReceive);
 if (iFrame) document.body.removeChild(iFrame);
 }
 function drawPostMessage(data) {
- iFrame.contentWindow.postMessage(JSON.stringify(data), '*');
+ iFrame.contentWindow.postMessage(JSON.stringify(data), lastApprovedOrigin);
 }
 async function upload(imageData, pageUploadedToId) {
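Review bot: The new guard in `drawReceive` checks only `event.origin`, so a message from any other window served by the same draw.io origin is still handled as if it came from the editor frame. Adding `if (!iFrame || event.source !== iFrame.contentWindow) return;` next to the origin check would bind handling to the frame this module created. Separately, `(new URL(drawioUrl)).origin` in `show()` throws on a relative or malformed URL, and it runs after the iframe has been appended. Resolving the origin before `appendChild`, or using `new URL(drawioUrl, window.location.href)`, would avoid leaving a fullscreen frame behind with no approved origin. Both `show()` and `drawReceive()` extend beyond this hunk, so the listener registration is not visible here.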
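Review bot: `drawEventConfigure()` has no doc comment, and the intent behind emitting `{config}` publicly and then posting the same object is not stated. It appears that listeners are expected to mutate `config` in place before it is sent. If so, a docblock such as `/** Emit 'editor-drawio::configure' so listeners can amend the config object, then send it to draw.io. */` would make that contract explicit. It would also help to note there that any script able to listen for this public event can change what is sent to the editor. On `drawPostMessage`, a short comment that the target origin is deliberately restricted to `lastApprovedOrigin` would discourage a later return to `'*'`.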