Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
@polymer/iron-overlay-behavior
Advanced tools
Provides a behavior for making an element an overlay
Use IronOverlayBehavior
to implement an element that can be hidden or shown, and displays
on top of other content. It includes an optional backdrop, and can be used to implement a variety
of UI controls including dialogs and drop downs. Multiple overlays may be displayed at once.
See the demo source code for an example.
An overlay may be hidden by closing or canceling. The difference between close and cancel is user
intent. Closing generally implies that the user acknowledged the content on the overlay. By default,
it will cancel whenever the user taps outside it or presses the escape key. This behavior is
configurable with the no-cancel-on-esc-key
and the no-cancel-on-outside-click
properties.
close()
should be called explicitly by the implementer when the user interacts with a control
in the overlay element. When the dialog is canceled, the overlay fires an 'iron-overlay-canceled'
event. Call preventDefault
on this event to prevent the overlay from closing.
By default the element is sized and positioned to fit and centered inside the window. You can
position and size it manually using CSS. See Polymer.IronFitBehavior
.
Set the with-backdrop
attribute to display a backdrop behind the overlay. The backdrop is
appended to <body>
and is of type <iron-overlay-backdrop>
. See its doc page for styling
options.
In addition, with-backdrop
will wrap the focus within the content in the light DOM.
Override the _focusableNodes
getter
to achieve a different behavior.
The element is styled to appear on top of other content by setting its z-index
property. You
must ensure no element has a stacking context with a higher z-index
than its parent stacking
context. You should place this element as a child of <body>
whenever possible.
iron-overlay-backdrop
is a backdrop used by Polymer.IronOverlayBehavior
. It should be a
singleton.
The following custom properties and mixins are available for styling.
Custom property | Description | Default |
---|---|---|
--iron-overlay-backdrop-background-color | Backdrop background color | #000 |
--iron-overlay-backdrop-opacity | Backdrop opacity | 0.6 |
--iron-overlay-backdrop | Mixin applied to iron-overlay-backdrop . | {} |
--iron-overlay-backdrop-opened | Mixin applied to iron-overlay-backdrop when it is displayed | {} |
See: Documentation, Demo.
npm install --save @polymer/iron-overlay-behavior
import {PolymerElement, html} from '@polymer/polymer';
import {mixinBehaviors} from '@polymer/polymer/lib/legacy/class.js';
import {IronOverlayBehavior} from '@polymer/iron-overlay-behavior/iron-overlay-behavior.js';
class SampleElement extends mixinBehaviors(IronOverlayBehavior, PolymerElement) {
static get template() {
return html`
<style>
:host {
background: white;
}
</style>
<p>Overlay Content</p>
`;
}
}
customElements.define('sample-element', SampleElement);
If you want to send a PR to this element, here are the instructions for running the tests and demo locally:
git clone https://github.com/PolymerElements/iron-overlay-behavior
cd iron-overlay-behavior
npm install
npm install -g polymer-cli
polymer serve --npm
open http://127.0.0.1:<port>/demo/
polymer test --npm
FAQs
Provides a behavior for making an element an overlay
The npm package @polymer/iron-overlay-behavior receives a total of 19,579 weekly downloads. As such, @polymer/iron-overlay-behavior popularity was classified as popular.
We found that @polymer/iron-overlay-behavior demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.