Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

new IFrame messaging needs messaging API secured a bit better #241

Open
steveseguin opened this issue Aug 23, 2020 · 0 comments
Open

new IFrame messaging needs messaging API secured a bit better #241

steveseguin opened this issue Aug 23, 2020 · 0 comments

Comments

@steveseguin
Copy link
Owner

will need to review the iframe messaging API a bit more; ensure the only target iframe/parent window gets the message.

Setting targetOrigin to "*" [:83] in postMessage [:83] may enable malicious parties to intercept the message. Consider using an exact target origin instead.

I could always even encrypt the chat messages, lol.

if(!key) { return; }
window.postMessage({
    action : PUBLISH_KEY, 
    key: key,
    data : data
}, '*');
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
1 participant
@steveseguin