From 92ce4361ac4dc4980303fc8bd68eae8b0e944063 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 16 Oct 2025 12:35:24 +0000 Subject: [PATCH 1/3] Initial plan From bec25691701d9dcb2270a05d131f2907cf0ad119 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 16 Oct 2025 12:40:38 +0000 Subject: [PATCH 2/3] Add origin validation for message events in asciinema-player.js --- docs/assets/js/asciinema-player.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/assets/js/asciinema-player.js b/docs/assets/js/asciinema-player.js index 0d14b0dfcb..bbb3f569e7 100644 --- a/docs/assets/js/asciinema-player.js +++ b/docs/assets/js/asciinema-player.js @@ -146,7 +146,8 @@ } else { var h = [], g = String(Math.random()); window.addEventListener("message", function (e) { - if (e.data === g) { + var trustedOrigins = ['https://www.example.com']; // Add your trusted origins here + if (trustedOrigins.includes(e.origin) && e.data === g) { var t = h; h = [], t.forEach(function (e) { e() From 94b19092dfd575468c54bf107670b1d32e881a33 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 16 Oct 2025 12:41:13 +0000 Subject: [PATCH 3/3] Fix regex escape sequence in Ni function --- docs/assets/js/asciinema-player.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/assets/js/asciinema-player.js b/docs/assets/js/asciinema-player.js index bbb3f569e7..77038f2eb9 100644 --- a/docs/assets/js/asciinema-player.js +++ b/docs/assets/js/asciinema-player.js @@ -19503,7 +19503,7 @@ function registerAsciinemaPlayerElement() { }; function Ni(a) { - return [v.h('"'), v.h(a.replace(RegExp('[\\\\"\b\f\n\r\t]', "g"), function (a) { + return [v.h('"'), v.h(a.replace(RegExp('[\\\\\\"\b\f\n\r\t]', "g"), function (a) { return Mi[a] })), v.h('"')].join("") }