[Libreoffice-commits] online.git: Branch 'libreoffice-6-2' - loleaflet/src
Libreoffice Gerrit user
logerrit at kemper.freedesktop.org
Tue May 28 07:50:08 UTC 2019
loleaflet/src/map/handler/Map.WOPI.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 40608eab166a65487edd1e5de98223d13713ba37
Author: Alexandru Vlăduţu <alexandru.vladutu at 1and1.ro>
AuthorDate: Wed May 15 10:46:11 2019 +0300
Commit: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
CommitDate: Tue May 28 09:49:51 2019 +0200
loleaflet: add postmessage check
Checks if messages are coming from the parent only (the frame which
opened the editor) to avoid unwanted commands from 3rd parties.
Change-Id: Ieffe36169dcefbe130869596672c1628c76b6799
Reviewed-on: https://gerrit.libreoffice.org/72340
Reviewed-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
Tested-by: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
(cherry picked from commit e1c2c2e3c5b16990c156ea795d68f365deb30253)
Reviewed-on: https://gerrit.libreoffice.org/73022
diff --git a/loleaflet/src/map/handler/Map.WOPI.js b/loleaflet/src/map/handler/Map.WOPI.js
index ce92fdc81..8503b5607 100644
--- a/loleaflet/src/map/handler/Map.WOPI.js
+++ b/loleaflet/src/map/handler/Map.WOPI.js
@@ -124,7 +124,7 @@ L.Map.WOPI = L.Handler.extend({
},
_postMessageListener: function(e) {
- if (!window.WOPIPostmessageReady) {
+ if (!window.WOPIPostmessageReady || (e.origin !== window.parent.origin)) {
return;
}
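Review bot: The added condition in `_postMessageListener` reads `window.parent.origin`, and that property is not readable when the parent is on a different origin from the editor. The browser raises a SecurityError on the access, so in a cross-origin embedding the listener would throw on every message instead of returning. Where parent and editor do share an origin the comparison works, but it still matches on origin only, so any other frame on that origin passes, which is weaker than the "parent only" stated in the commit message. Suggest checking `e.source !== window.parent` to identify the sending frame, and comparing `e.origin` against a host origin taken from configuration instead of reading it off the parent window. A one-line comment above the condition naming the expected sender would also help.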