prevent XSS for app.html
hatemhosny committed Aug 15, 2023
1 parent 2949ccd commit 36362d8
Showing 1 changed file with 5 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/livecodes/html/app-base.html
@@ -7,7 +7,11 @@
<title>LiveCodes</title>
<script>
window.addEventListener('message', function (event) {
if (event.data.content) {
if (
event.origin === window.location.origin &&
event.source === parent &&
event.data.content
) {
document.write(event.data.content);

Check failure (Code scanning / SonarCloud): DOM updates should not lead to cross-site scripting (XSS) attacks. Severity: Critical.
Change this code to prevent execution of arbitrary client-side code.
document.close();
}
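Review bot: the document.write(event.data.content) sink is unchanged, so the new condition is the only control between a posted message and script execution, and nothing in the file records that assumption. Add a short comment above the condition stating that content is accepted only from the same-origin parent frame and is treated as trusted markup, so a later edit does not relax event.origin === window.location.origin or event.source === parent without noticing what they protect. The condition also reads event.data.content without checking its type; tightening the last clause to typeof event.data.content === 'string' (after confirming event.data is a non-null object) would keep non-string payloads away from document.write. The SonarCloud finding on the document.write line will likely persist because the scanner flags the sink itself, so if the guard is the intended mitigation, say so when dismissing the alert.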