Contents

<script>
  function _contrast_isSameOrigin(action) {
    var thisDomain = document.domain;
    var parser = document.createElement('a');
    parser.href = action;
    return parser.hostname == thisDomain;
  }

  function _contrast_addTokenToForms() {
    for(var i=0;i<document.forms.length;i++) {
      var form = document.forms[i];
      var action = form.action;
      if(!!action || _contrast_isSameOrigin(action)) {
        if(!form._contrast_tokenized) {
          var input = document.createElement("input");
          input.setAttribute("type", "hidden");
          input.setAttribute("name", "!TOKEN_NAME!");
          input.setAttribute("value", "!TOKEN_VALUE!");
          form.appendChild(input);
          form._contrast_tokenized = true;
        }
      }
    }
  }

  (function() {_contrast_addTokenToForms();})();

  var _contrast_watchNewForms = (function() {
    var MutationObserver = window.MutationObserver || window.WebKitMutationObserver, eventListenerSupported = window.addEventListener;
    return function(obj, callback) {
      if(MutationObserver) {
        var obs = new MutationObserver(function(mutations, observer) {
          if( mutations[0].addedNodes.length )
            callback();
        });
        obs.observe(obj, { childList:true, subtree:true });
      } else if(eventListenerSupported) {
        obj.addEventListener('DOMNodeInserted', callback, false);
      }
    }
  })();

  _contrast_watchNewForms(document.body, function() { _contrast_addTokenToForms(); });
</script>

Version data entries

8 entries across 8 versions & 1 rubygems

Version	Path
contrast-agent-3.11.0	resources/csrf/inject.js
contrast-agent-3.10.2	resources/csrf/inject.js
contrast-agent-3.10.1	resources/csrf/inject.js
contrast-agent-3.10.0	resources/csrf/inject.js
contrast-agent-3.9.1	resources/csrf/inject.js
contrast-agent-3.9.0	resources/csrf/inject.js
contrast-agent-3.8.5	resources/csrf/inject.js
contrast-agent-3.8.4	resources/csrf/inject.js