diff options
| author | toasted-nutbread <toasted-nutbread@users.noreply.github.com> | 2020-02-16 23:41:17 -0500 |
|---|---|---|
| committer | toasted-nutbread <toasted-nutbread@users.noreply.github.com> | 2020-02-16 23:41:17 -0500 |
| commit | aee16c443195ff8ab2b0f5f5e8551e44895d48a1 (patch) | |
| tree | 5ce788e02d378f859848ad4e8391086b5140e7b5 /ext/bg/js/settings/popup-preview-frame.js | |
| parent | 2ace8d4ffa89d07a4fb07a410134054a1bccc431 (diff) | |
Check origin on window messages
Diffstat (limited to 'ext/bg/js/settings/popup-preview-frame.js')
| -rw-r--r-- | ext/bg/js/settings/popup-preview-frame.js | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/ext/bg/js/settings/popup-preview-frame.js b/ext/bg/js/settings/popup-preview-frame.js index e900d4e2..890b8c96 100644 --- a/ext/bg/js/settings/popup-preview-frame.js +++ b/ext/bg/js/settings/popup-preview-frame.js @@ -27,6 +27,7 @@ class SettingsPopupPreview { this.popupShown = false; this.themeChangeTimeout = null; this.textSource = null; + this._targetOrigin = chrome.runtime.getURL('/').replace(/\/$/, ''); } static create() { @@ -97,6 +98,8 @@ class SettingsPopupPreview { } onMessage(e) { + if (e.origin !== this._targetOrigin) { return; } + const {action, params} = e.data; const handler = SettingsPopupPreview._messageHandlers.get(action); if (typeof handler !== 'function') { return; } |