loleaflet/src/map/handler/Map.WOPI.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit e1c2c2e3c5b16990c156ea795d68f365deb30253
Author: Alexandru Vlăduţu <alexandru.vlad...@1and1.ro>
AuthorDate: Wed May 15 10:46:11 2019 +0300
Commit: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
CommitDate: Mon May 27 10:51:28 2019 +0200
loleaflet: add postmessage check
Checks if messages are coming from the parent only (the frame which
opened the editor) to avoid unwanted commands from 3rd parties.
Change-Id: Ieffe36169dcefbe130869596672c1628c76b6799
Reviewed-on: https://gerrit.libreoffice.org/72340
Reviewed-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
Tested-by: Samuel Mehrbrodt <samuel.mehrbr...@cib.de>
diff --git a/loleaflet/src/map/handler/Map.WOPI.js
b/loleaflet/src/map/handler/Map.WOPI.js
index 4a267529e..5269cbe51 100644
--- a/loleaflet/src/map/handler/Map.WOPI.js
+++ b/loleaflet/src/map/handler/Map.WOPI.js
@@ -136,7 +136,7 @@ L.Map.WOPI = L.Handler.extend({
},
_postMessageListener: function(e) {
- if (!window.WOPIPostmessageReady) {
+ if (!window.WOPIPostmessageReady || (e.origin !==
window.parent.origin)) {
return;
}
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
