Check origin on window messages

toasted-nutbread 2020-02-16 23:41:17 -05:00
parent 2ace8d4ffa
commit aee16c4431
3 changed files with 10 additions and 4 deletions


@ -27,6 +27,7 @@ class SettingsPopupPreview {
this.popupShown = false; this.popupShown = false;
this.themeChangeTimeout = null; this.themeChangeTimeout = null;
this.textSource = null; this.textSource = null;
this._targetOrigin = chrome.runtime.getURL('/').replace(/\/$/, '');
} }
static create() { static create() {
@ -97,6 +98,8 @@ class SettingsPopupPreview {
} }
onMessage(e) { onMessage(e) {
if (e.origin !== this._targetOrigin) { return; }
const {action, params} = e.data; const {action, params} = e.data;
const handler = SettingsPopupPreview._messageHandlers.get(action); const handler = SettingsPopupPreview._messageHandlers.get(action);
if (typeof handler !== 'function') { return; } if (typeof handler !== 'function') { return; }
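Review bot: The new guard in `onMessage` authenticates only the origin, so any document served from the extension's own origin can still drive these handlers, and the following line destructures `e.data` without checking that it is an object. If the preview is only ever driven by the settings page that embeds it (an assumption; the embedding is not visible in this file), the guard could also pin the sender window: `if (e.origin !== this._targetOrigin || e.source !== window.parent) { return; }`. A null or primitive `e.data` from a same-origin sender would throw at the destructuring, so an early return on `typeof e.data !== 'object' || e.data === null` is worth adding before it. The body of `onMessage` continues past the end of this hunk.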


@ -40,20 +40,22 @@ function showAppearancePreview() {
window.wanakana.bind(text[0]); window.wanakana.bind(text[0]);
const targetOrigin = chrome.runtime.getURL('/').replace(/\/$/, '');
text.on('input', () => { text.on('input', () => {
const action = 'setText'; const action = 'setText';
const params = {text: text.val()}; const params = {text: text.val()};
frame.contentWindow.postMessage({action, params}, '*'); frame.contentWindow.postMessage({action, params}, targetOrigin);
}); });
customCss.on('input', () => { customCss.on('input', () => {
const action = 'setCustomCss'; const action = 'setCustomCss';
const params = {css: customCss.val()}; const params = {css: customCss.val()};
frame.contentWindow.postMessage({action, params}, '*'); frame.contentWindow.postMessage({action, params}, targetOrigin);
}); });
customOuterCss.on('input', () => { customOuterCss.on('input', () => {
const action = 'setCustomOuterCss'; const action = 'setCustomOuterCss';
const params = {css: customOuterCss.val()}; const params = {css: customOuterCss.val()};
frame.contentWindow.postMessage({action, params}, '*'); frame.contentWindow.postMessage({action, params}, targetOrigin);
}); });
container.append(frame); container.append(frame);
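Review bot: `chrome.runtime.getURL('/').replace(/\/$/, '')` is written out separately here and in both constructors touched by this commit, and the receiver's `e.origin` comparison only works while all copies produce the identical string. A single shared helper would keep sender and receiver in agreement; failing that, a comment such as `// getURL('/') ends with '/', but MessageEvent.origin has no trailing slash` would explain the `replace`. The three `input` handlers also differ only in action name and payload, so a local `const post = (action, params) => frame.contentWindow.postMessage({action, params}, targetOrigin);` would leave one place where the target origin is applied. `showAppearancePreview` starts and ends outside this hunk.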


@ -33,6 +33,7 @@ class Popup {
this._options = null; this._options = null;
this._contentScale = 1.0; this._contentScale = 1.0;
this._containerSizeContentScale = null; this._containerSizeContentScale = null;
this._targetOrigin = chrome.runtime.getURL('/').replace(/\/$/, '');
this._container = document.createElement('iframe'); this._container = document.createElement('iframe');
this._container.className = 'yomichan-float'; this._container.className = 'yomichan-float';
@ -349,7 +350,7 @@ class Popup {
_invokeApi(action, params={}) { _invokeApi(action, params={}) {
if (this._container.contentWindow) { if (this._container.contentWindow) {
this._container.contentWindow.postMessage({action, params}, '*'); this._container.contentWindow.postMessage({action, params}, this._targetOrigin);
} }
} }
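Review bot: Passing `this._targetOrigin` in `_invokeApi` stops the payload from reaching a document the iframe has been navigated to, but nothing in this commit authenticates messages on the receiving side of this frame. `Popup` appears to run inside arbitrary web pages, where the sender's origin would be the page's own, so the origin comparison added to `SettingsPopupPreview.onMessage` presumably cannot be reused there; the listener for this frame is not part of the diff, so this is inferred. A comment on `_invokeApi` such as `// targetOrigin limits who can read this message; it does not authenticate messages the frame receives` would keep that limitation visible. If the frame's handlers act on anything sensitive, a per-popup secret handed over at frame setup and checked on each message is the usual way to close the gap.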