Merge pull request #326 from whiteout-io/dev/WO-961

[WO-03-008] Fix no Origin Checks for postMessage Communication (High)
master
Felix Hammerl 2015-04-27 11:25:44 +02:00
commit 9f39b67812
1 changed files with 5 additions and 0 deletions


@ -12,6 +12,11 @@ DOMPurify.addHook('afterSanitizeAttributes', function(node) {
window.onmessage = function(e) {
var html = '';
// ignore messages from other origins to prevent XSS
if (e.origin !== location.origin) {
return;
}
if (e.data.html) {
// display html mail body
html = e.data.html;
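Review bot: The new guard in `window.onmessage` checks only `e.origin`, so any other same-origin window or frame can still deliver an `html` payload to this handler. If the embedding parent is the only legitimate sender (inferred from the visible lines, not shown here), pin the sender as well: `if (e.origin !== location.origin || e.source !== window.parent) { return; }`. `e.data.html` is also dereferenced without checking that `e.data` is an object, so a same-origin message carrying `null` throws instead of being ignored; `if (!e.data || typeof e.data !== 'object') { return; }` before that line would handle it. The comment could name the trust boundary rather than the bug class, e.g. `// only accept mail content posted by our own app; drop everything else`. The handler body continues past the end of this hunk, so how `html` is rendered was not reviewed.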