Home Explore Help
Register Sign In
oleg
/
reveal.js
mirror of https://github.com/hakimel/reveal.js.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

fix xss issue reported by @realansgar, regression from 3dade6117628beb7706b4abdc61c268ce281abbc

Hakim El Hattab 1 year ago
parent
5d131cea20
commit
16f6633014
3 changed files with 7 additions and 0 deletions
Unified View Show Diff Stats
  1. 0 0
      plugin/notes/notes.esm.js
  2. 0 0
      plugin/notes/notes.js
  3. 7 0
      plugin/notes/speaker-view.html

File diff suppressed because it is too large
+ 0 - 0
plugin/notes/notes.esm.js


File diff suppressed because it is too large
+ 0 - 0
plugin/notes/notes.js


+ 7 - 0
plugin/notes/speaker-view.html
View File 

@@ -383,6 +383,13 @@
 
 
 
 				window.addEventListener( 'message', function( event ) {
 
 				window.addEventListener( 'message', function( event ) {
 
 
 
+					// Validate the origin of all messages to avoid parsing messages
 
+					// that aren't meant for us. Ignore when running off file:// so
 
+					// that the speaker view continues to work without a web server.
 
+					if( window.location.origin !== event.origin && window.location.origin !== 'file://' ) {
 
+						return
 
+					}
 
+
 
 					clearTimeout( connectionTimeout );
 
 					clearTimeout( connectionTimeout );
 
 					connectionStatus.style.display = 'none';
 
 					connectionStatus.style.display = 'none';

Some files were not shown because too many files changed in this diff