mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00

Fixed prototype pollution bug and only allow trusted origin (#17420)

Rohan Sharma 2022-02-01 22:04:48 +05:30 committed by GitHub
parent 54581d43e7
commit 4d6d4b43c6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -15,7 +15,7 @@
window.addEventListener('message', function(e) { window.addEventListener('message', function(e) {
var data = e.data || {}; var data = e.data || {};
if (data.type !== 'setHeight' || !iframes[data.id]) { if (data.type !== 'setHeight' || !iframes[data.id] || window.location.origin !== e.origin || data.id.toString() === '__proto__') {
return; return;
} }
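Review bot: The added `data.id.toString() === '__proto__'` test in the `if` condition rejects only one inherited key, so other inherited property names (for example `constructor`) still make `iframes[data.id]` truthy and reach whatever follows the guard; the rest of the handler is outside this hunk. An own-property check covers the whole class of keys: replace `!iframes[data.id]` and the `__proto__` comparison with `!Object.prototype.hasOwnProperty.call(iframes, data.id)`. Separately, `window.location.origin !== e.origin` accepts only same-origin senders. If this listener is meant to receive messages from frames served by another origin (the page does not show where the script runs), it would drop them. In that case, comparing `e.origin` with the expected frame's origin and `e.source` with that frame's `contentWindow` would be the more precise check.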