From f91c0e5ec3a7b29d517d1a395ee8364e844c5452 Mon Sep 17 00:00:00 2001
From: Jonathan Protzenko
Date: Mon, 27 Apr 2015 13:51:28 -0700
Subject: [PATCH] External editors. Simplify the "valid-origin" check for cross-iframe messages.
---
 www/ace/ace-main.ts | 10 ++++------
 www/blockly/blockly-main.ts | 10 ++++------
 2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/www/ace/ace-main.ts b/www/ace/ace-main.ts
index 8433870e..32a5615d 100644
--- a/www/ace/ace-main.ts
+++ b/www/ace/ace-main.ts
@@ -9,11 +9,9 @@ module TDev {
 // ---------- Communication protocol
- var allowedOrigins = {
- "http://localhost:4242": null,
- "https://www.touchdevelop.com": null,
- "https://mbitmain.azurewebsites.net": null
- };
+ function isAllowedOrigin(origin: string) {
+ return origin.indexOf((document.location).origin) == 0;
+ }
 // Both of these are written once when we receive the first (trusted)
 // message.
@@ -28,7 +26,7 @@ module TDev {
 var currentVersion: string;
 window.addEventListener("message", (event) => {
- if (!(event.origin in allowedOrigins))
+ if (!isAllowedOrigin(event.origin))
 return;
 if (!outer || !origin) {
diff --git a/www/blockly/blockly-main.ts b/www/blockly/blockly-main.ts
index f35e8a80..3cb90ffc 100644
--- a/www/blockly/blockly-main.ts
+++ b/www/blockly/blockly-main.ts
@@ -6,11 +6,9 @@ module TDev {
 // ---------- Communication protocol
- var allowedOrigins: { [index: string]: any } = {
- "http://localhost:4242": null,
- "https://www.touchdevelop.com": null,
- "https://mbitmain.azurewebsites.net": null
- };
+ function isAllowedOrigin(origin: string) {
+ return origin.indexOf((document.location).origin) == 0;
+ }
 var $ = (s: string) => document.querySelector(s);
@@ -24,7 +22,7 @@ module TDev {
 var inMerge: boolean = false;
 window.addEventListener("message", (event) => {
- if (!(event.origin in allowedOrigins)) {
+ if (!isAllowedOrigin(event.origin)) {
 console.error("[inner message] not from the right origin!", event.origin);
 return;
 }
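Review bot: `isAllowedOrigin` in www/ace/ace-main.ts (hunk -9,11) accepts any origin string that merely begins with the page's own origin, because `origin.indexOf(...) == 0` is a prefix test and not an equality test. An origin that extends the trusted string, such as a longer port number or a host name that continues past the trusted host (constructed example: `https://editor.example` against `https://editor.example.other.test`), would pass, and its messages would reach the code that the nearby comment describes as handling the first "(trusted)" message. Compare for equality instead, keeping the existing right-hand expression: `return origin === (document.location).origin;`. The identical helper added in www/blockly/blockly-main.ts (hunk -6,11) needs the same change. Since the explicit allow-list is removed, a one-line comment stating that the editor frame is now expected to be served from the same origin as its parent would make the new trust assumption visible.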
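Review bot: A message rejected by the origin check in the ace listener (hunk -28,7) is dropped with a bare `return;`, so an unexpected sender leaves no trace, whereas the blockly listener in this same commit logs the rejected origin. Suggest matching it here by adding `console.error("[inner message] not from the right origin!", event.origin);` before the `return;` and putting braces around the two statements, so a rejected cross-frame message is visible when debugging or investigating. The listener body continues past the end of the hunk, so how `outer` and `origin` are recorded after the check is not visible here.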