path: root/app/policies/email_domain_block_policy.rb
author rinsuki <428rinsuki+git@gmail.com> 2022-05-04 10:20:44 +0900
committer GitHub <noreply@github.com> 2022-05-04 03:20:44 +0200
commit 6e736f2452d2e6fdd4da6d8f6f2f44da9d83fa4f (patch)
tree d20669ab3c0f8750e425bf34ebc0a4e7d8c7cdc1 /app/policies/email_domain_block_policy.rb
parent a01580f09f33c275fcc0ffe616b5b5b403f46cae (diff)
fix: embed.js doesn't expand iframes height (#18301)
also including some refactoring:
- add `// @ts-check`
- use Map to completely avoid prototype pollution
- assign a random id to each iframe to reduce the chance of a brute-force attack and of leaking the iframe count
- check iframe.contentWindow and MessageEvent.source to validate that the message is coming from the correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec)

follow-up of #17420
fix #18299
Diffstat (limited to 'app/policies/email_domain_block_policy.rb')
0 files changed, 0 insertions, 0 deletions
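
The three checks listed in the commit message (a Map registry, random per-iframe ids, and comparing `MessageEvent.source` with `iframe.contentWindow`), shown as an added example that is not the project's embed.js. The `setHeight` message shape and the names `registerIframe` and `handleMessage` are assumptions made for illustration.

```javascript
// Added example, not the project's code. Message shape and names are assumptions.
// Browsers and recent Node expose crypto globally; older Node needs the fallback.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Map, not a plain object: an attacker-chosen id such as "__proto__" or
// "constructor" is simply a missing key, never an inherited property.
const iframes = new Map();

// 128-bit random hex id instead of a sequential counter, so an id cannot be
// guessed and does not reveal how many embeds the page holds.
function randomId() {
  const bytes = new Uint8Array(16);
  webcrypto.getRandomValues(bytes);
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

function registerIframe(iframe) {
  const id = randomId();
  iframes.set(id, iframe);
  return id;
}

// Handle one MessageEvent-like object. Returns true only when the height was applied.
function handleMessage(event) {
  const data = event.data;
  if (typeof data !== 'object' || data === null) return false;
  if (data.type !== 'setHeight') return false;

  const iframe = iframes.get(data.id);
  if (!iframe) return false;

  // Knowing the id is not enough: the sender must be the window inside that iframe.
  if (event.source !== iframe.contentWindow) return false;

  // Reject non-numeric or negative heights before touching the element.
  if (!Number.isFinite(data.height) || data.height < 0) return false;

  iframe.height = data.height;
  return true;
}

// In a page: window.addEventListener('message', handleMessage);
```
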