let iFrame = null;
-
+let lastApprovedOrigin;
let onInit, onSave;
/**
iFrame.setAttribute('class', 'fullscreen');
iFrame.style.backgroundColor = '#FFFFFF';
document.body.appendChild(iFrame);
+ lastApprovedOrigin = (new URL(drawioUrl)).origin;
}
function close() {
drawEventClose();
}
+/**
+ * Receive and handle a message event from the draw.io window.
+ * @param {MessageEvent} event
+ */
function drawReceive(event) {
if (!event.data || event.data.length < 1) return;
- let message = JSON.parse(event.data);
+ if (event.origin !== lastApprovedOrigin) return;
+
+ const message = JSON.parse(event.data);
if (message.event === 'init') {
drawEventInit();
} else if (message.event === 'exit') {
drawEventSave(message);
} else if (message.event === 'export') {
drawEventExport(message);
+ } else if (message.event === 'configure') {
+ drawEventConfigure();
}
}
});
}
+function drawEventConfigure() {
+ const config = {};
+ window.$events.emitPublic(iFrame, 'editor-drawio::configure', {config});
+ drawPostMessage({action: 'configure', config});
+}
+
function drawEventClose() {
window.removeEventListener('message', drawReceive);
if (iFrame) document.body.removeChild(iFrame);
}
function drawPostMessage(data) {
- iFrame.contentWindow.postMessage(JSON.stringify(data), '*');
+ iFrame.contentWindow.postMessage(JSON.stringify(data), lastApprovedOrigin);
}
async function upload(imageData, pageUploadedToId) {
projects / bookstack / blobdiff