-
Notifications
You must be signed in to change notification settings - Fork 248
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
137 changed files
with
16,798 additions
and
14,864 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,15 +1,16 @@ | ||
/* @flow */ | ||
|
||
module.exports = { | ||
'extends': './node_modules/@krakenjs/grumbler-scripts/config/.eslintrc-browser.js', | ||
extends: | ||
"./node_modules/@krakenjs/grumbler-scripts/config/.eslintrc-browser.js", | ||
|
||
'globals': { | ||
__ZOID__: true, | ||
__POST_ROBOT__: true | ||
}, | ||
globals: { | ||
__ZOID__: true, | ||
__POST_ROBOT__: true, | ||
}, | ||
|
||
'rules': { | ||
'react/display-name': 'off', | ||
'react/prop-types': 'off' | ||
} | ||
}; | ||
rules: { | ||
"react/display-name": "off", | ||
"react/prop-types": "off", | ||
}, | ||
}; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,32 +1,32 @@ | ||
name: "publish to npm" | ||
on: workflow_dispatch | ||
jobs: | ||
main: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: ⬇️ Checkout repo | ||
uses: actions/checkout@v2 | ||
with: | ||
token: ${{ secrets.ACCESS_TOKEN }} | ||
fetch-depth: 0 | ||
main: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: ⬇️ Checkout repo | ||
uses: actions/checkout@v2 | ||
with: | ||
token: ${{ secrets.ACCESS_TOKEN }} | ||
fetch-depth: 0 | ||
|
||
- name: ⎔ Setup node | ||
# sets up the .npmrc file to publish to npm | ||
uses: actions/setup-node@v2 | ||
with: | ||
node-version: "14" | ||
registry-url: "https://registry.npmjs.org" | ||
- name: ⎔ Setup node | ||
# sets up the .npmrc file to publish to npm | ||
uses: actions/setup-node@v2 | ||
with: | ||
node-version: "14" | ||
registry-url: "https://registry.npmjs.org" | ||
|
||
- name: 📥 Download deps | ||
uses: bahmutov/npm-install@v1 | ||
with: | ||
useLockFile: false | ||
- name: 📥 Download deps | ||
uses: bahmutov/npm-install@v1 | ||
with: | ||
useLockFile: false | ||
|
||
- name: Configure git user | ||
run: | | ||
git config --global user.email ${{ github.actor }}@users.noreply.github.com | ||
git config --global user.name ${{ github.actor }} | ||
- name: ▶️ Run release | ||
run: npm run release | ||
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | ||
- name: Configure git user | ||
run: | | ||
git config --global user.email ${{ github.actor }}@users.noreply.github.com | ||
git config --global user.name ${{ github.actor }} | ||
- name: ▶️ Run release | ||
run: npm run release | ||
env: | ||
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
#!/bin/sh | ||
. "$(dirname "$0")/_/husky.sh" | ||
|
||
npx lint-staged |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
build | ||
dist | ||
coverage | ||
flow-typed | ||
test/lib/ | ||
CHANGELOG.md |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,27 @@ | ||
# Security Policy | ||
|
||
## How is Zoid secure? | ||
|
||
Zoid uses [Post Robot](https://github.com/krakenjs/post-robot) to do [post messaging](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage) between multiple domains. | ||
Zoid helps secure messaging through iframe sandboxing, domain validation, and data protection. | ||
- __Iframe sandboxing__ is a default browser feature that blocks others from accessing the data of your iframe instance. | ||
- __Domain Validation__ checks the domain of the connection made to the Zoid child component, if requested. If domains don’t match accepted domains the connect fails. This is to stop access to secure components. | ||
- __Data Protection__ is the way Zoid manages checking domains of where the data was sent from to help protect against malicious data being injected through events. | ||
|
||
- **Iframe sandboxing** is a default browser feature that blocks others from accessing the data of your iframe instance. | ||
- **Domain Validation** checks the domain of the connection made to the Zoid child component, if requested. If domains don’t match accepted domains the connect fails. This is to stop access to secure components. | ||
- **Data Protection** is the way Zoid manages checking domains of where the data was sent from to help protect against malicious data being injected through events. | ||
|
||
## Things Zoid does NOT protect against | ||
- __Clickjacking__ cannot be avoided. Even though the data is secure, the click is happening outside the scope of Zoid, therefore, Zoid cannot validate those actions. To learn more about __clickjacking__ read [this](https://en.wikipedia.org/wiki/Clickjacking). | ||
|
||
- **Clickjacking** cannot be avoided. Even though the data is secure, the click is happening outside the scope of Zoid, therefore, Zoid cannot validate those actions. To learn more about **clickjacking** read [this](https://en.wikipedia.org/wiki/Clickjacking). | ||
|
||
## Contact us | ||
|
||
We take security very seriously and ask that you follow the following process. | ||
If you think you may have found a security bug we ask that you privately send the details to DL-PP-Kraken-Js@paypal.com. Please make sure to use a descriptive title in the email. | ||
|
||
|
||
## Expectations | ||
We will generally get back to you within **24 hours**, but a more detailed response may take up to **48 hours**. If you feel we're not responding back in time, please send us a message *without detail* on Twitter [@kraken_js](https://twitter.com/kraken_js). | ||
|
||
We will generally get back to you within **24 hours**, but a more detailed response may take up to **48 hours**. If you feel we're not responding back in time, please send us a message _without detail_ on Twitter [@kraken_js](https://twitter.com/kraken_js). | ||
|
||
## History | ||
|
||
No reported issues |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,46 +1,46 @@ | ||
<!DOCTYPE html> | ||
|
||
<head> | ||
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-material-design/4.0.2/bootstrap-material-design.css" /> | ||
<link rel="stylesheet" href="../../common/index.css" /> | ||
|
||
<script src="../../../dist/zoid.js"></script> | ||
<script src="./login.js"></script> | ||
<link | ||
rel="stylesheet" | ||
href="https://cdnjs.cloudflare.com/ajax/libs/bootstrap-material-design/4.0.2/bootstrap-material-design.css" | ||
/> | ||
<link rel="stylesheet" href="../../common/index.css" /> | ||
|
||
<script src="../../../dist/zoid.js"></script> | ||
<script src="./login.js"></script> | ||
</head> | ||
|
||
<body> | ||
<h3>Log in on xyz.com</h3> | ||
|
||
<h3>Log in on xyz.com</h3> | ||
|
||
<input id="email" placeholder="Custom Email" /> | ||
<br /><br /> | ||
|
||
<div id="container"></div> | ||
<input id="email" placeholder="Custom Email" /> | ||
<br /><br /> | ||
|
||
<div id="result"></div> | ||
<div id="container"></div> | ||
|
||
<script> | ||
<div id="result"></div> | ||
|
||
// Render the component | ||
<script> | ||
// Render the component | ||
|
||
var instance = MyLoginZoidComponent({ | ||
var instance = MyLoginZoidComponent({ | ||
prefilledEmail: "foo@bar.com", | ||
|
||
prefilledEmail: 'foo@bar.com', | ||
onLogin: function (email) { | ||
console.log("User logged in with email:", email); | ||
document.querySelector("#result").innerText = email + " logged in!"; | ||
}, | ||
}); | ||
|
||
onLogin: function(email) { | ||
console.log('User logged in with email:', email); | ||
document.querySelector('#result').innerText = email + ' logged in!'; | ||
} | ||
instance.render("#container"); | ||
|
||
document | ||
.querySelector("#email") | ||
.addEventListener("keyup", function (event) { | ||
instance.updateProps({ | ||
prefilledEmail: event.target.value, | ||
}); | ||
|
||
instance.render('#container'); | ||
|
||
document.querySelector('#email').addEventListener('keyup', function(event) { | ||
instance.updateProps({ | ||
prefilledEmail: event.target.value | ||
}); | ||
}); | ||
</script> | ||
|
||
}); | ||
</script> | ||
</body> |
Oops, something went wrong.