diff options
author | rinsuki <428rinsuki+git@gmail.com> | 2022-05-04 10:20:44 +0900 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-04 03:20:44 +0200 |
commit | 6e736f2452d2e6fdd4da6d8f6f2f44da9d83fa4f (patch) | |
tree | d20669ab3c0f8750e425bf34ebc0a4e7d8c7cdc1 /app/policies/email_domain_block_policy.rb | |
parent | a01580f09f33c275fcc0ffe616b5b5b403f46cae (diff) |
fix: embed.js doesn't expands iframes height (#18301)
also including some refactoring: - add `// @ts-check` - use Map to completely avoid prototype pollution - assign random id to each iframe for reduce chance to brute-force attack, and leak of iframe counts - check iframe.contentWindow and MessageEvent.source to validate message is coming from correct iframe (it works on latest Chrome/Firefox/Safari but I'm not sure this is allowed by spec) follow-up of #17420 fix #18299
Diffstat (limited to 'app/policies/email_domain_block_policy.rb')
0 files changed, 0 insertions, 0 deletions