External editors.

Simplify the "valid-origin" check for cross-iframe messages.

www/ace/ace-main.ts

@@ -9,11 +9,9 @@ module TDev {
 
     // ---------- Communication protocol
 
-    var allowedOrigins = {
+    function isAllowedOrigin(origin: string) {
-        "http://localhost:4242": null,
+        return origin.indexOf((<any>document.location).origin) == 0;
-        "https://www.touchdevelop.com": null,
+    }
-        "https://mbitmain.azurewebsites.net": null
-    };
 
     // Both of these are written once when we receive the first (trusted)
     // message.
@@ -28,7 +26,7 @@ module TDev {
     var currentVersion: string;
 
     window.addEventListener("message", (event) => {
-        if (!(event.origin in allowedOrigins))
+        if (!isAllowedOrigin(event.origin))
             return;
 
         if (!outer || !origin) {

www/blockly/blockly-main.ts

@@ -6,11 +6,9 @@ module TDev {
 
   // ---------- Communication protocol
 
-  var allowedOrigins: { [index: string]: any } = {
+  function isAllowedOrigin(origin: string) {
-    "http://localhost:4242": null,
+      return origin.indexOf((<any>document.location).origin) == 0;
-    "https://www.touchdevelop.com": null,
+  }
-    "https://mbitmain.azurewebsites.net": null
-  };
 
   var $ = (s: string) => document.querySelector(s);
 
@@ -24,7 +22,7 @@ module TDev {
   var inMerge: boolean = false;
 
   window.addEventListener("message", (event) => {
-    if (!(event.origin in allowedOrigins)) {
+    if (!isAllowedOrigin(event.origin)) {
       console.error("[inner message] not from the right origin!", event.origin);
       return;
     }