summaryrefslogtreecommitdiff
path: root/ext/fg/js
diff options
context:
space:
mode:
authortoasted-nutbread <toasted-nutbread@users.noreply.github.com>2020-02-16 23:41:17 -0500
committertoasted-nutbread <toasted-nutbread@users.noreply.github.com>2020-02-16 23:41:17 -0500
commitaee16c443195ff8ab2b0f5f5e8551e44895d48a1 (patch)
tree5ce788e02d378f859848ad4e8391086b5140e7b5 /ext/fg/js
parent2ace8d4ffa89d07a4fb07a410134054a1bccc431 (diff)
Check origin on window messages
Diffstat (limited to 'ext/fg/js')
-rw-r--r--ext/fg/js/popup.js3
1 files changed, 2 insertions, 1 deletions
diff --git a/ext/fg/js/popup.js b/ext/fg/js/popup.js
index 59c46ab8..900e7325 100644
--- a/ext/fg/js/popup.js
+++ b/ext/fg/js/popup.js
@@ -33,6 +33,7 @@ class Popup {
this._options = null;
this._contentScale = 1.0;
this._containerSizeContentScale = null;
+ this._targetOrigin = chrome.runtime.getURL('/').replace(/\/$/, '');
this._container = document.createElement('iframe');
this._container.className = 'yomichan-float';
@@ -349,7 +350,7 @@ class Popup {
_invokeApi(action, params={}) {
if (this._container.contentWindow) {
- this._container.contentWindow.postMessage({action, params}, '*');
+ this._container.contentWindow.postMessage({action, params}, this._targetOrigin);
}
}