next-csrf
Version:
CSRF mitigation library for Next.js
34 lines (28 loc) • 1.17 kB
JavaScript
function makeFocusableForeignObject() {
var fragment = document.createElement('div');
fragment.innerHTML = '<svg><foreignObject width="30" height="30">\n <input type="text"/>\n </foreignObject></svg>';
return fragment.firstChild.firstChild;
}
export default function (element) {
// Edge13, Edge14: foreignObject focus hack
// https://jsbin.com/kunehinugi/edit?html,js,output
// https://jsbin.com/fajagi/3/edit?html,js,output
var isSvgElement = element.ownerSVGElement || element.nodeName.toLowerCase() === 'svg';
if (!isSvgElement) {
return false;
}
// inject and focus an <input> element into the SVG element to receive focus
var foreignObject = makeFocusableForeignObject();
element.appendChild(foreignObject);
var input = foreignObject.querySelector('input');
input.focus();
// upon disabling the activeElement, IE and Edge
// will not shift focus to <body> like all the other
// browsers, but instead find the first focusable
// ancestor and shift focus to that
input.disabled = true;
// clean up
element.removeChild(foreignObject);
return true;
}
//# sourceMappingURL=focus.svg-foreign-object-hack.js.map