Noratrieb/slides
1
0
Fork 0
mirror of https://github.com/Noratrieb/slides.git synced 2026-01-14 16:35:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

notes plugin only listens for same-origin postmessages to prevent xss

Browse source
This commit is contained in:
hakimel 2022-05-12 22:07:48 +02:00
parent 4b6ac46cde
commit 3dade61176
9 changed files with 36 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

8
plugin/notes/speaker-view.html
View file

@ -380,14 +380,8 @@
var connectionTimeout = setTimeout( function() {
connectionStatus.innerHTML = 'Error connecting to main window.<br>Please try closing and reopening the speaker view.';
}, 5000 );
;
window.addEventListener( 'message', function( event ) {
// Validate the origin of all messages to avoid parsing messages
// that aren't meant for us
if( window.location.origin !== event.origin ) {
return;
}
window.addEventListener( 'message', function( event ) {
clearTimeout( connectionTimeout );
connectionStatus.style.display = 'none';