Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
blocking-elements
Advanced tools
Implementation of proposal https://github.com/whatwg/html/issues/897
The polyfill chooses a non-colliding name (
document.$blockingElements
instead ofdocument.blockingElements
) as the proposal is still work in progress and hasn't yet reached consensus on the semantics and functionality (see this discussion for more details).
document.$blockingElements
manages a stack of elements that inert the interaction outside them.
push(elem), remove(elem), pop()
document.$blockingElements.top
) and its subtree is the interactive part of the documenthas(elem)
returns if the element is a blocking elementThis polyfill will:
document.body
inert
to all the siblings of each parent, skipping the parents and the element's distributed content (if any)Use this polyfill together with the wicg-inert polyfill to disable interactions on the rest of the document. See the demo page as an example.
Another approach could be to listen for events that trigger focus change (e.g. focus, blur, keydown
) and prevent those if focus moves out of the blocking element.
Wrapping the focus requires to find all the focusable nodes within the top blocking element, eventually sort by tabindex, in order to find first and last focusable node.
This approach doesn't allow the focus to move outside the window (e.g. to the browser's url bar, dev console if opened, etc.), and is less robust when used with assistive technology (e.g. android talkback allows to move focus with swipe on screen, Apple Voiceover allows to move focus with special keyboard combinations).
Blocking Elements relies on the inert
attribute and uses Set
objects, so make sure to include their polyfills as needed.
npm install --save babel-polyfill
npm install --save wicg-inert
npm install --save blocking-elements
<script src="./node_modules/babel-polyfill/dist/polyfill.min.js"></script>
<script src="./node_modules/wicg-inert/dist/inert.min.js"></script>
<script src="./node_modules/blocking-elements/dist/blocking-elements.min.js"></script>
<div id="container">
<button onclick="makeBlocking(container)">make blocking</button>
<button onclick="undoBlocking(container)">undo blocking</button>
</div>
<button>some button</button>
<script>
function makeBlocking(element) {
document.$blockingElements.push(element);
}
function undoBlocking(element) {
document.$blockingElements.remove(element);
}
</script>
Two scripts are included:
/dist/blocking-elements.min.js
: minified and transpiled to ES5.
/dist/blocking-elements.js
: un-minified ES2017.
If your toolchain supports Node-style module resolution (e.g. TypeScript's --moduleResolution=node
), then the main blocking-elements
bare module specifier resolves to this file. TypeScript declarations are also included for this module:
import {DocumentWithBlockingElements} from 'blocking-elements';
const blockingElements =
(document as DocumentWithBlockingElements).$blockingElements;
blockingElements.push(...);
blockingElements.remove(...);
Install the dependencies with npm install
and serve the resources.
Run the tests locally by navigating to http://localhost:8080/test/
Performance is dependent on the inert
polyfill performance. Chrome recently landed the inert
attribute implementation behind a flag.
Let's compare the how long it takes to toggle the deepest x-trap-focus
inside nested x-b
of the demo page (http://localhost:8080/demo/ce.html?ce=v1)
.
document.$blockingElements
with native inert is ~15x faster than polyfilled inert 🎉 🎉 🎉
with polyfilled inert (M58) | with native inert (M60) |
---|---|
FAQs
A polyfill for the proposed blocking elements stack API
We found that blocking-elements demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 10 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.