From fd56ddaa5405a77466b6f157729326fd12807746 Mon Sep 17 00:00:00 2001 From: shortcutme Date: Wed, 21 Feb 2018 03:03:01 +0100 Subject: [PATCH] Remove wrapper object reference before loading iframe to enhance security --- src/Ui/media/Wrapper.coffee | 6 ++++++ src/Ui/template/wrapper.html | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/Ui/media/Wrapper.coffee b/src/Ui/media/Wrapper.coffee index 7868efbf..b8c172e4 100644 --- a/src/Ui/media/Wrapper.coffee +++ b/src/Ui/media/Wrapper.coffee @@ -398,6 +398,12 @@ class Wrapper @log "Setting title to", window.document.title + onWrapperLoad: => + # Cleanup secret variables + delete window.wrapper + delete window.wrapper_key + $("#script_init").remove() + # Send message to innerframe sendInner: (message) -> @inner.postMessage(message, '*') diff --git a/src/Ui/template/wrapper.html b/src/Ui/template/wrapper.html index 6f2c4741..b5bf1551 100644 --- a/src/Ui/template/wrapper.html +++ b/src/Ui/template/wrapper.html @@ -54,7 +54,7 @@ if (window.self !== window.top && document.execCommand) document.execCommand("St - - +