mirror of
https://github.com/moparisthebest/mail
synced 2024-11-28 20:02:16 -05:00
[WO-03-008] Fix no Origin Checks for postMessage Communication (High)
parent
4a681a73d2
commit
2aa166ac19
@ -12,6 +12,11 @@ DOMPurify.addHook('afterSanitizeAttributes', function(node) {
|
|||||||
window.onmessage = function(e) {
|
window.onmessage = function(e) {
|
||||||
var html = '';
|
var html = '';
|
||||||
|
|
||||||
|
// ignore messages from other origins to prevent XSS
|
||||||
|
if (e.origin !== location.origin) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (e.data.html) {
|
if (e.data.html) {
|
||||||
// display html mail body
|
// display html mail body
|
||||||
html = e.data.html;
|
html = e.data.html;
|
||||||
|
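Review bot: The added guard `if (e.origin !== location.origin)` accepts a message from any same-origin window, not only the one meant to feed this handler. If this page is driven by its embedding parent (not visible here), pinning the sender as well would narrow it: `if (e.origin !== location.origin || e.source !== window.parent) { return; }`. The comparison also assumes this document has a real origin; if it is ever loaded in a sandboxed frame without `allow-same-origin`, `location.origin` is opaque and the check would reject every message from the embedding page, so the expected origin would have to be named explicitly. `e.data.html` is still read without confirming that `e.data` is an object, so a same-origin message carrying `null` would throw. The handler body continues past the end of the hunk, so how `html` is sanitised before insertion cannot be confirmed from here.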