diff options
author | toasted-nutbread <toasted-nutbread@users.noreply.github.com> | 2020-02-16 23:41:17 -0500 |
---|---|---|
committer | toasted-nutbread <toasted-nutbread@users.noreply.github.com> | 2020-02-16 23:41:17 -0500 |
commit | aee16c443195ff8ab2b0f5f5e8551e44895d48a1 (patch) | |
tree | 5ce788e02d378f859848ad4e8391086b5140e7b5 /ext/bg/js/settings/popup-preview.js | |
parent | 2ace8d4ffa89d07a4fb07a410134054a1bccc431 (diff) |
Check origin on window messages
Diffstat (limited to 'ext/bg/js/settings/popup-preview.js')
-rw-r--r-- | ext/bg/js/settings/popup-preview.js | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/ext/bg/js/settings/popup-preview.js b/ext/bg/js/settings/popup-preview.js index 0d20471e..d1d2ff5e 100644 --- a/ext/bg/js/settings/popup-preview.js +++ b/ext/bg/js/settings/popup-preview.js @@ -40,20 +40,22 @@ function showAppearancePreview() { window.wanakana.bind(text[0]); + const targetOrigin = chrome.runtime.getURL('/').replace(/\/$/, ''); + text.on('input', () => { const action = 'setText'; const params = {text: text.val()}; - frame.contentWindow.postMessage({action, params}, '*'); + frame.contentWindow.postMessage({action, params}, targetOrigin); }); customCss.on('input', () => { const action = 'setCustomCss'; const params = {css: customCss.val()}; - frame.contentWindow.postMessage({action, params}, '*'); + frame.contentWindow.postMessage({action, params}, targetOrigin); }); customOuterCss.on('input', () => { const action = 'setCustomOuterCss'; const params = {css: customOuterCss.val()}; - frame.contentWindow.postMessage({action, params}, '*'); + frame.contentWindow.postMessage({action, params}, targetOrigin); }); container.append(frame); |