Wrapper nonce security comments
This commit is contained in:
HelloZeroNet
parent
4d7ce1dc16
commit
b0ac9869ce
1 changed files with 5 additions and 1 deletions
|
|
@ -70,7 +70,8 @@ class Wrapper
|
||||||
|
|
||||||
# Incoming message from inner frame
|
# Incoming message from inner frame
|
||||||
onMessageInner: (e) =>
|
onMessageInner: (e) =>
|
||||||
if not window.postmessage_nonce_security and @opener == null # Test opener
|
# No nonce security enabled, test if window opener present
|
||||||
|
if not window.postmessage_nonce_security and @opener == null
|
||||||
if window.opener
|
if window.opener
|
||||||
@log "Opener present", window.opener
|
@log "Opener present", window.opener
|
||||||
@displayOpenerDialog()
|
@displayOpenerDialog()
|
||||||
|
|
@ -79,14 +80,17 @@ class Wrapper
|
||||||
@opener = false
|
@opener = false
|
||||||
|
|
||||||
message = e.data
|
message = e.data
|
||||||
|
# Invalid message (probably not for us)
|
||||||
if not message.cmd
|
if not message.cmd
|
||||||
return false
|
return false
|
||||||
|
|
||||||
|
# Test nonce security to avoid third-party messages
|
||||||
if window.postmessage_nonce_security and message.wrapper_nonce != window.wrapper_nonce
|
if window.postmessage_nonce_security and message.wrapper_nonce != window.wrapper_nonce
|
||||||
@log "Message nonce error:", message.wrapper_nonce, '!=', window.wrapper_nonce
|
@log "Message nonce error:", message.wrapper_nonce, '!=', window.wrapper_nonce
|
||||||
@actionNotification({"params": ["error", "Message wrapper_nonce error, please report!"]})
|
@actionNotification({"params": ["error", "Message wrapper_nonce error, please report!"]})
|
||||||
window.removeEventListener("message", @onMessageInner)
|
window.removeEventListener("message", @onMessageInner)
|
||||||
return
|
return
|
||||||
|
|
||||||
cmd = message.cmd
|
cmd = message.cmd
|
||||||
if cmd == "innerReady"
|
if cmd == "innerReady"
|
||||||
@inner_ready = true
|
@inner_ready = true
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue