mastodon

Commit Graph

Author	SHA1	Message	Date
rinsuki	6e736f2452	fix: embed.js doesn't expands iframes height (#18301 ) also including some refactoring: - add `// @ts-check` - use Map to completely avoid prototype pollution - assign random id to each iframe for reduce chance to brute-force attack, and leak of iframe counts - check iframe.contentWindow and MessageEvent.source to validate message is coming from correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec) follow-up of #17420 fix #18299	3 years ago
Rohan Sharma	4d6d4b43c6	Fixed prototype pollution bug and only allow trusted origin (#17420 )	3 years ago
Eugen Rochko	6867681c7c	Add script to make embedded iframes autosize (#4853 )	8 years ago

Author

SHA1

Message

Date

rinsuki

6e736f2452

fix: embed.js doesn't expands iframes height (#18301 )

also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign random id to each iframe for reduce chance to brute-force attack, and leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate message is coming from correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec)

follow-up of #17420
fix #18299

Rohan Sharma

4d6d4b43c6

Fixed prototype pollution bug and only allow trusted origin (#17420 )

Eugen Rochko

6867681c7c

Add script to make embedded iframes autosize (#4853 )

3 Commits (14dff49f92db0c9ad22575920fc8f00bd201ce42)