Browse Source
Fixed prototype pollution bug and only allow trusted origin (#17420)
closed-social-glitch-2
Rohan Sharma
2 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with
1 additions and
1 deletions
-
public/embed.js
|
|
@ -15,7 +15,7 @@ |
|
|
|
window.addEventListener('message', function(e) { |
|
|
|
var data = e.data || {}; |
|
|
|
|
|
|
|
if (data.type !== 'setHeight' || !iframes[data.id]) { |
|
|
|
if (data.type !== 'setHeight' || !iframes[data.id] || window.location.origin !== e.origin || data.id.toString() === '__proto__') { |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|