{"version":3,"file":"ext-xdomain-messaging.js","sources":["../../../src/editor/extensions/ext-xdomain-messaging.js"],"sourcesContent":["/**\n* Should not be needed for same domain control (just call via child frame),\n* but an API common for cross-domain and same domain use can be found\n* in embedapi.js with a demo at embedapi.html.\n*/\nexport default {\n name: 'xdomain-messaging',\n init () {\n const svgEditor = this;\n const svgCanvas = svgEditor.canvas;\n try {\n window.addEventListener('message', function (e) {\n // We accept and post strings for the sake of IE9 support\n if (!e.data || !['string', 'object'].includes(typeof e.data) || e.data.charAt() === '|') {\n return;\n }\n const data = typeof e.data === 'object' ? e.data : JSON.parse(e.data);\n if (!data || typeof data !== 'object' || data.namespace !== 'svgCanvas') {\n return;\n }\n // The default is not to allow any origins, including even the same domain or\n // if run on a `file:///` URL. See `svgedit-config-es.js` for an example of how\n // to configure\n const {allowedOrigins} = svgEditor.curConfig;\n if (!allowedOrigins.includes('*') && !allowedOrigins.includes(e.origin)) {\n console.log(`Origin ${e.origin} not whitelisted for posting to ${window.origin}`); // eslint-disable-line no-console\n return;\n }\n const cbid = data.id;\n const {name, args} = data;\n const message = {\n namespace: 'svg-edit',\n id: cbid\n };\n try {\n // Now that we know the origin is trusted, we perform otherwise\n // unsafe arbitrary canvas method execution\n message.result = svgCanvas[name](...args); // lgtm [js/remote-property-injection]\n } catch (err) {\n message.error = err.message;\n }\n e.source.postMessage(JSON.stringify(message), '*');\n });\n } catch (err) {\n console.log('Error with xdomain message listener: ' + err); // eslint-disable-line no-console\n }\n }\n};\n"],"names":["name","init","svgEditor","this","svgCanvas","canvas","window","addEventListener","e","data","includes","charAt","_typeof","JSON","parse","namespace","allowedOrigins","curConfig","origin","cbid","id","args","message","result","err","error","source","postMessage","stringify","console","log"],"mappings":"ktEAKA,MAAe,CACbA,KAAM,oBACNC,yBACQC,EAAYC,KACZC,EAAYF,EAAUG,WAE1BC,OAAOC,iBAAiB,WAAW,SAAUC,MAEtCA,EAAEC,MAAS,CAAC,SAAU,UAAUC,iBAAgBF,EAAEC,QAA6B,MAApBD,EAAEC,KAAKE,cAGjEF,EAAyB,WAAlBG,QAAOJ,EAAEC,MAAoBD,EAAEC,KAAOI,KAAKC,MAAMN,EAAEC,SAC3DA,GAAwB,WAAhBG,QAAOH,IAAwC,cAAnBA,EAAKM,eAMvCC,EAAkBd,EAAUe,UAA5BD,kBACFA,EAAeN,SAAS,MAASM,EAAeN,SAASF,EAAEU,aAI1DC,EAAOV,EAAKW,GACXpB,EAAcS,EAAdT,KAAMqB,EAAQZ,EAARY,KACPC,EAAU,CACdP,UAAW,WACXK,GAAID,OAKJG,EAAQC,OAASnB,EAAUJ,SAAVI,qBAAmBiB,IACpC,MAAOG,GACPF,EAAQG,MAAQD,EAAIF,QAEtBd,EAAEkB,OAAOC,YAAYd,KAAKe,UAAUN,GAAU,UAhB5CO,QAAQC,qBAActB,EAAEU,kDAAyCZ,OAAOY,cAkB5E,MAAOM,GACPK,QAAQC,IAAI,wCAA0CN"}