
Commit 73a6e3d

committed
[library] [sanitization] Add sanitization to the postMessage library.
1 parent 4a8bb0c commit 73a6e3d


2 files changed

+11
-3
lines changed


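--- a/assets/scripts/postmessage.js
+++ b/assets/scripts/postmessage.js
@@ -36,8 +36,11 @@
 _init();
 
 // Automatically receive forward messages.
-FS.PostMessage.receiveOnce('forward', function (data){
-window.location = data.url;
+FS.PostMessage.receiveOnce('forward', function (data) {
+// Sanitize the URL.
+if (data.url && (data.url.startsWith('http://') || data.url.startsWith('https://'))) {
+window.location = data.url;
+}
 });
 
 iframes = iframes || [];
@@ -52,6 +55,11 @@
 },
 init_child : function ()
 {
+// Don't initialize as children if we cannot detect parent.
+if (!_hasParent) {
+return;
+}
+
 this.init(_parent_subdomain);
 
 _is_child = true;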
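Review bot: The 'forward' handler still navigates the window to any http(s) URL named in the message, because the added check constrains only the scheme of `data.url` and not its host. Whether `receiveOnce` verifies the sender's `event.origin` before invoking the callback is not visible in this hunk; if it does not, the destination is chosen by whoever can post to this window, so I would parse the value with `new URL(data.url)` and compare its `hostname` against the expected parent/child domains before assigning `window.location`. The guard also assumes `data.url` is a string: a truthy non-string value makes `startsWith` throw, so `typeof data.url === 'string'` is a safer first test. The comment would be more accurate as `// Only follow absolute http(s) URLs; rejects javascript: and other schemes.`, since the value is validated, not sanitized. The enclosing function starts before and ends after the hunk.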

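--- a/start.php
+++ b/start.php
@@ -15,7 +15,7 @@
 *
 * @var string
 */
-$this_sdk_version = '2.11.0.2';
+$this_sdk_version = '2.11.0.3';
 
 #region SDK Selection Logic --------------------------------------------------------------------
 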