Matrix/element-web-Github
1
0
Fork 0
mirror of https://github.com/vector-im/element-web.git synced 2024-11-17 05:55:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1760 from matrix-org/matthew/improve-postmessage-origin-check2

Browse Source 
improve origin check of ScalarMessaging postmessage API.
This commit is contained in:
Richard van der Hoff 2018-02-19 16:39:15 +00:00 committed by GitHub
commit 715198dc17
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ScalarMessaging.js
View File

@ -563,7 +563,7 @@ const onMessage = function(event) {
const url = SdkConfig.get().integrations_ui_url; const url = SdkConfig.get().integrations_ui_url;
if ( if (
event.origin.length === 0 || event.origin.length === 0 ||
!url.startsWith(event.origin) || !url.startsWith(event.origin + '/') ||
!event.data.action || !event.data.action ||
event.data.api // Ignore messages with specific API set event.data.api // Ignore messages with specific API set
) { ) {