glitch-social

Commit Graph

Author	SHA1	Message	Date
rinsuki	6e736f2452	fix: embed.js doesn't expands iframes height (#18301 ) also including some refactoring: - add `// @ts-check` - use Map to completely avoid prototype pollution - assign random id to each iframe for reduce chance to brute-force attack, and leak of iframe counts - check iframe.contentWindow and MessageEvent.source to validate message is coming from correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec) follow-up of #17420 fix #18299	2022-05-04 03:20:44 +02:00
Rohan Sharma	4d6d4b43c6	Fixed prototype pollution bug and only allow trusted origin (#17420 )	2022-02-01 17:34:48 +01:00
Eugen Rochko	6867681c7c	Add script to make embedded iframes autosize (#4853 )	2017-09-09 16:23:44 +02:00

Author

SHA1

Message

Date

rinsuki

6e736f2452

fix: embed.js doesn't expands iframes height (#18301 )

also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign random id to each iframe for reduce chance to brute-force attack, and leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate message is coming from correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec)

follow-up of #17420
fix #18299

2022-05-04 03:20:44 +02:00

Rohan Sharma

4d6d4b43c6

Fixed prototype pollution bug and only allow trusted origin (#17420 )

2022-02-01 17:34:48 +01:00

Eugen Rochko

6867681c7c

Add script to make embedded iframes autosize (#4853 )

2017-09-09 16:23:44 +02:00

3 Commits