UNPKG

@locker/eslint-plugin-locker

Version:

Lightning Web Security ESLint rules

github.com/salesforce-experience-platform-emu/locker

salesforce-experience-platform-emu/locker

31 lines (20 loc) 1.21 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# Distorted window.frames Getter (distorted-window-frames-getter) For security the `window.frames` getter is distorted by Lightning Web Security. <!-- START generated embed: @locker/distortion/src/Window/docs/frames-getter.md --> ## window.frames getter The [`window.frames`](https://developer.mozilla.org/en-US/docs/Web/API/Window/frames) property returns an array-like object that lists all the `frame` and `iframe` elements in the current window. ```js frameList = window.frames; frameList === window; // evaluates to true (normally) ``` Lightning Web Security restricts access by distorting the `frameList` object returned, so that malicious code can't access `window` properties. ### Distorted Behavior This distortion returns an artificial `frameList` object that includes all `frame` and `iframe` elements in the document, in insertion order. The `frameList` object supports access by index value or name property value, as the native one does. However, the distorted `window.frames` doesn't allow access to `window` or provide proxy access to `window` properties. ```js framelist !== window; // evaluates to true with this distortion ``` <!-- END generated embed, please keep comment -->