Research
Security News
Quasar RAT Disguised as an npm Package for Detecting Vulnerabilities in Ethereum Smart Contracts
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
@krakenjs/cross-domain-utils
Advanced tools
A set of utilities for dealing with cross-domain windows
As of version 3 this package will be published under the @krakenjs
scope.
npm install @krakenjs/cross-domain-utils
getDomain(win : Window) => string
Get the full domain of the specified window, as a string.
win
must be a window on the same domain as the current window, or an exception will be raisedwin.mockDomain = 'mock://some-domain.com';
. mock://
is required to ensure the window can not spoof actual http://
or https://
domainsgetDomainFromUrl(url : string) => string
Get the full domain from the specified url, as a string.
http://
, https://
, file://
, and additionally mock://
urls)getDomain
using the current window as inputgetActualDomain(win : Window) => string
Same as getDomain
but overriding / mocking is disabled. it will return the real full domain of the specified window.
isBlankDomain(win : Window) => boolean
Returns if the domain for the specified window is blank, or about:blank
win
must be a window on the same domain as the current window, or an exception will be raisedwin
may be a window or iframe that has been newly opened by the current windowisSameDomain(win : Window) => boolean
Returns if the specified window is on the same domain as the current window.
try/catch
still raises a console warning.getParent(win : Window) => ?Window
Gets the parent of the specified window, if the window has a parent.
getOpener(win : Window) => ?Window
Gets the opener of the specified window, if the window has an opener.
window.open
getParents(win : Window) => Array<Window>
Gets all of the hierarchical parents of the specified window.
isAncestorParent(ancestor : Window, win : Window) => boolean
Returns true if the ancestor
is a direct or non-direct parent of the specified window.
getFrames(win : Window) => Array<Window>
Returns an array of all direct child frames found in a given window.
getAllChildFrames(win : Window) => Array<Window>
Returns an array of all recursive child frames found in a given window, and in the child-frames of that window.
getTop(win : Window) => Window
Gets the top-level parent of the specified window.
getAllFramesInWindow(win : Window) => Array<Window>
Returns an array of all recursive child frames found in a given window, and in the child-frames of that window, including the specified window.
isTop(win : Window) => boolean
Returns true if the specified window is the top level window, without any parents.
isFrameWindowClosed(frame : HTMLIFrameElement) => boolean
Returns true if the window attached to an iframe element is closed, by checking if the frame is still attached to an open document.
isWindowClosed
when possibleisWindowClosed(win : Window) => boolean
Returns true if a window has been closed
getUserAgent(win : Window) => string
Gets the user agent for the specified window
win.navigator.mockUserAgent
if specified, to allow for mocking / tests.getFrameByName(win : Window, name : string) => ?Window
Gets a frame window with the given name, if it exists as a child of the specified window.
findChildFrameByName(win : Window, name : string) => ?Window
Recursively searches for a given frame window inside the children specified window.
findFrameByName(win : Window, name : string) => ?Window
Recursively searches for a given frame window inside the entire frame hierarchy of the specified window.
isParent(parent : Window, child : Window) => boolean
Returns true if the specified parent window is the parent of the specified child window.
isOpener(opener : Window, child : Window) => boolean
Returns true if the specified opener window is the opener of the specified child window.
getAncestor(win : Window) => ?Window
Gets either the parent or the opener of the specified window, if either is present.
getAncestors(win : Window) => Array<Window>
Recursively gets either the parent or the opener of the specified window, if either is present, and returns an array of the entire ancestor hierarchy.
isAncestor(ancestor : Window, child : Window) => boolean
Returns true if the specified ancestor window is the parent or the opener of the specified child window.
isPopup(win : Window) => boolean
Returns true if the specified window has been opened with window.open
(i.e. if it is a popup window)
isIframe(win : Window) => boolean
Returns true if the specified window has been opened as an iframe.
getDistanceFromTop(win : Window) => number
Gets the numerical distance from the specified window to the top level window in that window's hierarchy.
getNthParent(win : Window, n : number) => ?Window
Gets the window n
levels up from the specified window, if it exists.
isSameTopWindow(win1 : window, win2 : Window) => boolean
Returns true if the windows are in the same hierarchy, with the same top level window
isWindow(obj : Window) => boolean
Returns true if the specified object is a window instance
onCloseWindow(win : Window, callback : Function, interval : number) => { cancel : Function }
Calls the callback when the specified window closes, with checks running on the specified interval.
.cancel()
method, to stop the loopmatchDomain(pattern : (string | RegExp | Array<string>), domain : string) => boolean
Returns true if the specified domain matches the pattern. The pattern can be one of:
All of the tasks are listed in the package.json file under the scripts section
Command | Description |
---|---|
npm run build | Builds the dist files |
npm test | Runs the test suite. Lint + Type + Karma |
Run the debug task and pass the next tasks as argument.
npm run debug -- npm run build
npm run debug -- npm test
npm run debug -- npm run karma -- --browsers=Chrome
FAQs
Utilities for dealing with cross-domain windows.
We found that @krakenjs/cross-domain-utils demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 7 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.
Security News
Research
A supply chain attack on Rspack's npm packages injected cryptomining malware, potentially impacting thousands of developers.
Research
Security News
Socket researchers discovered a malware campaign on npm delivering the Skuld infostealer via typosquatted packages, exposing sensitive data.