Commit 68e85f01 authored by Robert Hodan's avatar Robert Hodan Committed by Juan Corona

Do not accept messages from sources outside of our specified destination

parent cb4fc4ab
...@@ -52,6 +52,7 @@ function RPC (src, dst, origin, methods) { ...@@ -52,6 +52,7 @@ function RPC (src, dst, origin, methods) {
this._onmessage = function (ev) { this._onmessage = function (ev) {
if (self._destroyed) return; if (self._destroyed) return;
if (self.dst != ev.source) return;
if (self.origin !== '*' && ev.origin !== self.origin) return; if (self.origin !== '*' && ev.origin !== self.origin) return;
if (!ev.data || typeof ev.data !== 'object') return; if (!ev.data || typeof ev.data !== 'object') return;
if (ev.data.protocol !== 'frame-rpc') return; if (ev.data.protocol !== 'frame-rpc') return;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment