Noratrieb/slides
1
0
Fork 0
mirror of https://github.com/Noratrieb/slides.git synced 2026-01-14 16:35:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

notes plugin only listens for same-origin postmessages to prevent xss

Browse source
This commit is contained in:
hakimel 2022-05-12 22:07:48 +02:00
parent 4b6ac46cde
commit 3dade61176
9 changed files with 36 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

2
js/utils/constants.js
View file

@ -4,7 +4,7 @@ export const HORIZONTAL_SLIDES_SELECTOR = '.slides>section';
export const VERTICAL_SLIDES_SELECTOR = '.slides>section.present>section';
// Methods that may not be invoked via the postMessage API
export const POST_MESSAGE_METHOD_BLACKLIST = /registerPlugin|registerKeyboardShortcut|addKeyBinding|addEventListener/;
export const POST_MESSAGE_METHOD_BLACKLIST = /registerPlugin|registerKeyboardShortcut|addKeyBinding|addEventListener|showPreview/;
// Regex for retrieving the fragment style from a class attribute
export const FRAGMENT_STYLE_REGEX = /fade-(down|up|right|left|out|in-then-out|in-then-semi-out)|semi-fade-out|current-visible|shrink|grow/;