keeweb/keeweb
1
0
Fork 0
mirror of https://github.com/keeweb/keeweb.git synced 2024-06-21 07:06:39 +02:00
Code Issues Releases Wiki Activity

checking origin in window message handlers

Browse Source
This commit is contained in:
antelle 2020-04-17 20:53:40 +02:00
parent 2f214b25c7
commit 0aa925f95d
No known key found for this signature in database
GPG Key ID: 094A2F2D6136A4EE
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/scripts/comp/app/dropbox-chooser.js
View File

@ -41,7 +41,7 @@ DropboxChooser.prototype.buildUrl = function() {
};
DropboxChooser.prototype.onMessage = function(e) {
if (e.source !== this.popup) {
if (e.source !== this.popup || e.origin !== 'https://www.dropbox.com') {
return;
}
const data = JSON.parse(e.data);

3
app/scripts/storage/storage-base.js
View File

@ -316,6 +316,9 @@ class StorageBase {
};
const windowMessage = e => {
if (e.origin !== location.origin) {
return;
}
if (e.data && e.data.error) {
this.logger.error('OAuth error', e.data.error, e.data.error_description);
callback('OAuth: ' + e.data.error);