UNPKG

next-csrf

Version:

CSRF mitigation library for Next.js

49 lines (39 loc) 1.33 kB
import getContentDocument from './get-content-document'; import getWindow from './get-window'; import selectInShadows from './select-in-shadows'; var selector = void 0; function findDocumentHostElement(_window) { if (!selector) { selector = selectInShadows('object, iframe'); } if (_window._frameElement !== undefined) { return _window._frameElement; } _window._frameElement = null; var potentialHosts = _window.parent.document.querySelectorAll(selector); [].some.call(potentialHosts, function (element) { var _document = getContentDocument(element); if (_document !== _window.document) { return false; } _window._frameElement = element; return true; }); return _window._frameElement; } export default function getFrameElement(element) { var _window = getWindow(element); if (!_window.parent || _window.parent === _window) { // if there is no parent browsing context, // we're not going to get a frameElement either way return null; } try { // see https://developer.mozilla.org/en-US/docs/Web/API/Window/frameElement // does not work within <embed> anywhere, and not within in <object> in IE return _window.frameElement || findDocumentHostElement(_window); } catch (e) { return null; } } //# sourceMappingURL=get-frame-element.js.map