Skip to content

Commit

Permalink
fix(webextension): prevent to send/receive message from other origin (#…
Browse files Browse the repository at this point in the history 
…56)
  • Loading branch information
@azu
azu authored Jun 25, 2021
1 parent 169d148 commit 9a740b2
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 3 deletions.
2 changes: 1 addition & 1 deletion packages/webextension/app/scripts/contentScript.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ window.addEventListener("message", (event) => {
direction: "from-content-script",
result
},
"*"
window.location.origin
);
});
}
Expand Down
8 changes: 6 additions & 2 deletions packages/webextension/app/scripts/pageScript.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,11 @@ const commandHandler = <R>(command: string, args: any): Promise<R> => {
return new Promise<R>((resolve) => {
logger.log("[PageScript]", command, args);
const listener = (message: MessageEvent) => {
// prevent to receive message from other origin
// ContentScript send message from current page's origin
if (message.origin !== window.location.origin) {
return;
}
if (
message.data &&
message.data.direction === "from-content-script" &&
Expand All @@ -25,7 +30,7 @@ const commandHandler = <R>(command: string, args: any): Promise<R> => {
direction: "from-page-script",
nonRandomKey
},
"*"
window.location.origin
);
});
};
Expand All @@ -46,7 +51,6 @@ const isIgnored = ({ text, message }: { text: string; message: TextlintMessage }
const lintEngine: LintEngineAPI = {
async lintText({ text }) {
const results = await commandHandler<ReturnType<LintEngineAPI["lintText"]>>("lintText", { text });
logger.log("results", results);
return results.map((result) => {
return {
filePath: result.filePath,
Expand Down

0 comments on commit 9a740b2

Please sign in to comment.