
notes plugin only listens for same-origin postmessages to prevent xss

hakimel 3 years ago
parent
commit
3dade61176

+ 0 - 0
dist/reveal.esm.js


+ 0 - 0
dist/reveal.esm.js.map


+ 0 - 0
dist/reveal.js


+ 0 - 0
dist/reveal.js.map


+ 1 - 1
js/utils/constants.js

@@ -4,7 +4,7 @@ export const HORIZONTAL_SLIDES_SELECTOR = '.slides>section';
 export const VERTICAL_SLIDES_SELECTOR = '.slides>section.present>section';
 
 // Methods that may not be invoked via the postMessage API
-export const POST_MESSAGE_METHOD_BLACKLIST = /registerPlugin|registerKeyboardShortcut|addKeyBinding|addEventListener/;
+export const POST_MESSAGE_METHOD_BLACKLIST = /registerPlugin|registerKeyboardShortcut|addKeyBinding|addEventListener|showPreview/;
 
 // Regex for retrieving the fragment style from a class attribute
 export const FRAGMENT_STYLE_REGEX = /fade-(down|up|right|left|out|in-then-out|in-then-semi-out)|semi-fade-out|current-visible|shrink|grow/;
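Review bot: `POST_MESSAGE_METHOD_BLACKLIST` is still a denylist, so every Reveal API method that is not named in the regex — including any added in future — remains reachable through the postMessage `call` path; `showPreview` is only the latest entry caught after the fact. An allowlist of the handful of methods the notes window actually needs would close this class of omission for good, and a short comment on the constant saying why each listed method is excluded would help the next maintainer. The regex is unanchored, so it matches as a substring of the method name; that is acceptable for a deny check, but how it is applied (presumably `.test( methodName )`) is outside this hunk and worth confirming.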

+ 0 - 0
plugin/notes/notes.esm.js


+ 0 - 0
plugin/notes/notes.js


+ 28 - 7
plugin/notes/plugin.js

@@ -151,15 +151,36 @@ const Plugin = () => {
 
 	}
 
-	function onPostMessage( event ) {
+	/**
+	 * Check if the given event is from the same origin as the
+	 * current window.
+	 */
+	function isSameOriginEvent( event ) {
 
-		let data = JSON.parse( event.data );
-		if( data && data.namespace === 'reveal-notes' && data.type === 'connected' ) {
-			clearInterval( connectInterval );
-			onConnected();
+		try {
+			return window.location.origin === event.source.location.origin;
 		}
-		else if( data && data.namespace === 'reveal-notes' && data.type === 'call' ) {
-			callRevealApi( data.methodName, data.arguments, data.callId );
+		catch ( error ) {
+			return false;
+		}
+
+	}
+
+	function onPostMessage( event ) {
+
+		// Only allow same-origin messages
+		// (added 12/5/22 as a XSS safeguard)
+		if( isSameOriginEvent( event ) ) {
+
+			let data = JSON.parse( event.data );
+			if( data && data.namespace === 'reveal-notes' && data.type === 'connected' ) {
+				clearInterval( connectInterval );
+				onConnected();
+			}
+			else if( data && data.namespace === 'reveal-notes' && data.type === 'call' ) {
+				callRevealApi( data.methodName, data.arguments, data.callId );
+			}
+
 		}
 
 	}
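Review bot: `isSameOriginEvent` obtains the sender's origin by reading `event.source.location.origin` and relies on the cross-origin access throwing to reach the `false` branch, while the browser already supplies the sender's origin as `event.origin`, which needs no exception and also handles `event.source` being null when the sending window has been closed; the body can be the single line `return event.origin === window.location.origin;`. One caveat applies to either form: on `file://` or in a sandboxed frame both sides typically report the literal string `"null"`, so a plain equality check passes for any such sender, and if that deployment matters `"null"` should be treated as not-same-origin. `JSON.parse( event.data )` inside the guard still throws on a non-JSON payload from a same-origin peer, so a `try`/`catch` around it is worth considering. The enclosing `Plugin` function begins and ends outside the hunk.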

+ 1 - 7
plugin/notes/speaker-view.html

@@ -380,14 +380,8 @@
 				var connectionTimeout = setTimeout( function() {
 					connectionStatus.innerHTML = 'Error connecting to main window.<br>Please try closing and reopening the speaker view.';
 				}, 5000 );
-;
-				window.addEventListener( 'message', function( event ) {
 
-					// Validate the origin of all messages to avoid parsing messages
-					// that aren't meant for us
-					if( window.location.origin !== event.origin ) {
-						return;
-					}
+				window.addEventListener( 'message', function( event ) {
 
 					clearTimeout( connectionTimeout );
 					connectionStatus.style.display = 'none';
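Review bot: The removed lines were the receiving-side origin check for the speaker view's own `message` listener, so after this hunk the callback processes whatever any window holding a reference to the speaker view posts to it — the mirror image of what the plugin.js hunk tightens on the main window. Unless the removal is deliberate, restoring `if( window.location.origin !== event.origin ) { return; }` as the first statement of the listener keeps both ends symmetric; if it was dropped because origins legitimately differ in some deployment, a comment on the listener saying so would stop it being re-added blindly. The listener body continues past the hunk, so what it does with the parsed message is not visible here.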
