[Pkg-javascript-commits] [sockjs-client] 372/434: Verify origin of the agent sending postMessage events

[Tonnerre Lombard]

This is an automated email from the git hooks/post-receive script.

tonnerre-guest pushed a commit to branch master
in repository sockjs-client.

commit b54d70fbf917fdc345b038416ef387100e26c593
Author: Marek Majkowski <majek04 at gmail.com>
Date:   Mon Mar 26 16:18:00 2012 +0100

    Verify origin of the agent sending postMessage events
---
 lib/trans-iframe-within.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/trans-iframe-within.js b/lib/trans-iframe-within.js
index 294badb..e562841 100644
--- a/lib/trans-iframe-within.js
+++ b/lib/trans-iframe-within.js
@@ -22,11 +22,17 @@ FacadeJS.prototype._doCleanup = function () {
     this._transport.doCleanup();
 };
 
+utils.parent_origin = undefined;
+
 SockJS.bootstrap_iframe = function() {
     var facade;
     curr_window_id = _document.location.hash.slice(1);
     var onMessage = function(e) {
         if(e.source !== parent) return;
+        if(typeof utils.parent_origin === 'undefined')
+            utils.parent_origin = e.origin;
+        if (e.origin !== utils.parent_origin) return;
+
         var window_id = e.data.slice(0, 8);
         var type = e.data.slice(8, 9);
         var data = e.data.slice(9);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/sockjs-client.git