[Libreoffice-commits] online.git: loleaflet/src
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Mon May 27 08:51:46 UTC 2019
loleaflet/src/map/handler/Map.WOPI.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit e1c2c2e3c5b16990c156ea795d68f365deb30253
Author: Alexandru Vlăduţu <alexandru.vladutu at 1and1.ro>
AuthorDate: Wed May 15 10:46:11 2019 +0300
Commit: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
CommitDate: Mon May 27 10:51:28 2019 +0200
loleaflet: add postmessage check
Checks if messages are coming from the parent only (the frame which
opened the editor) to avoid unwanted commands from 3rd parties.
Change-Id: Ieffe36169dcefbe130869596672c1628c76b6799
Reviewed-on: https://gerrit.libreoffice.org/72340
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
diff --git a/loleaflet/src/map/handler/Map.WOPI.js b/loleaflet/src/map/handler/Map.WOPI.js
index 4a267529e..5269cbe51 100644
--- a/loleaflet/src/map/handler/Map.WOPI.js
+++ b/loleaflet/src/map/handler/Map.WOPI.js
@@ -136,7 +136,7 @@ L.Map.WOPI = L.Handler.extend({
},
_postMessageListener: function(e) {
- if (!window.WOPIPostmessageReady) {
+ if (!window.WOPIPostmessageReady || (e.origin !== window.parent.origin)) {
return;
}
More information about the Libreoffice-commits
mailing list