Commit Graph

4 Commits (2c0eaf50f6441da34783d982519889818901d467)

Author SHA1 Message Date
Matt Hodges 7ea3a33c86 Embed js height fix (#22141)
* only begin iframe reheight once document state is complete

* format

* lint fixes

* Update public/embed.js to use readystatechange event listener

Co-authored-by: Claire <claire.github-309c@sitedethib.com>

* Call loaded() if ready, otherwise add listenter

* lint fix

Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2022-12-15 16:18:59 +01:00
rinsuki 44ff9b2e9b fix: embed.js doesn't expands iframes height (#18301)
also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign random id to each iframe for reduce chance to brute-force attack, and leak of iframe counts
- check iframe.contentWindow and MessageEvent.source to validate message is coming from correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec)

follow-up of #17420
fix #18299
2022-05-04 03:20:44 +02:00
Rohan Sharma e96b704def Fixed prototype pollution bug and only allow trusted origin (#17420) 2022-02-01 17:34:48 +01:00
Eugen Rochko 2303725f7d Add script to make embedded iframes autosize (#4853) 2017-09-09 16:23:44 +02:00