Skip to content

Commit d504864

Browse files
catarakcatarak
committed
Check origin for postMessage
1 parent b5c2ac9 commit d504864

File tree

3 files changed

+5
-1
lines changed

3 files changed

+5
-1
lines changed

client/modules/IDE/components/ConsoleInput.jsx

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,9 @@ class ConsoleInput extends React.Component {
2828
if (value.trim(' ') === '') {
2929
return false;
3030
}
31+
// need to get access to iframe here?
32+
// could pass "evaluate console function"
33+
// could make a component that handles all of this messaging
3134
window.postMessage([{
3235
log: Encode({ method: 'command', data: Encode(value) }),
3336
source: 'console'

client/modules/IDE/components/PreviewFrame.jsx

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,7 @@ class PreviewFrame extends React.Component {
7070
}
7171

7272
handleConsoleEvent(messageEvent) {
73+
if (messageEvent.origin !== window.origin) return;
7374
if (Array.isArray(messageEvent.data)) {
7475
const decodedMessages = messageEvent.data.map(message => Object.assign(
7576
Decode(message.log),

client/utils/previewEntry.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ Hook(window.console, (log) => {
1313
});
1414
setInterval(() => {
1515
if (consoleBuffer.length > 0) {
16-
window.parent.postMessage(consoleBuffer, '*');
16+
window.parent.postMessage(consoleBuffer, window.origin);
1717
consoleBuffer.length = 0;
1818
}
1919
}, LOGWAIT);

0 commit comments

Comments
 (0)