HelloZeroNet/ZeroNet
1
0
Fork 0
mirror of https://github.com/HelloZeroNet/ZeroNet.git synced 2023-12-14 04:33:03 +01:00
Code Issues Projects Releases Wiki Activity

Rev884, Improve security by stop accepting postMessage if opener present

Browse source
This commit is contained in:
HelloZeroNet 2016-02-03 00:12:57 +01:00
parent c11d4f2632
commit 4cea7ebcda
3 changed files with 12 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/Config.py
View file

@ -8,7 +8,7 @@ class Config(object):
def __init__(self, argv):
self.version = "0.3.6"
self.rev = 881
self.rev = 884
self.argv = argv
self.action = None
self.config_file = "zeronet.conf"

5
src/Ui/media/Wrapper.coffee
View file

@ -1,6 +1,11 @@
class Wrapper
constructor: (ws_url) ->
@log "Created!"
if window.opener
@log "Security error: Opener present, exiting..."
document.write("Forbidden: Opener present.")
document.body.innerHTML = "Forbidden: Opener present."
return
@loading = new Loading()
@notifications = new Notifications($(".notifications"))

6
src/Ui/media/all.js
View file

@ -762,6 +762,12 @@ jQuery.extend( jQuery.easing,
this.onMessageInner = __bind(this.onMessageInner, this);
this.onMessageWebsocket = __bind(this.onMessageWebsocket, this);
this.log("Created!");
if (window.opener) {
this.log("Security error: Opener present, exiting...");
document.write("Forbidden: Opener present.");
document.body.innerHTML = "Forbidden: Opener present.";
return;
}
this.loading = new Loading();
this.notifications = new Notifications($(".notifications"));
this.fixbutton = new Fixbutton();