mirror of
https://github.com/mastodon/mastodon.git
synced 2024-12-22 21:06:01 +01:00
Fixed prototype pollution bug and only allow trusted origin (#17420)
This commit is contained in:
parent
54581d43e7
commit
4d6d4b43c6
1 changed files with 1 additions and 1 deletions
|
@ -15,7 +15,7 @@
|
||||||
window.addEventListener('message', function(e) {
|
window.addEventListener('message', function(e) {
|
||||||
var data = e.data || {};
|
var data = e.data || {};
|
||||||
|
|
||||||
if (data.type !== 'setHeight' || !iframes[data.id]) {
|
if (data.type !== 'setHeight' || !iframes[data.id] || window.location.origin !== e.origin || data.id.toString() === '__proto__') {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue