From a20a6ee569825a5455ba859a2d60c70859feb40c Mon Sep 17 00:00:00 2001
From: James Fletcher <42464962+jf205@users.noreply.github.com>
Date: Mon, 28 Apr 2025 10:42:40 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 142: Missing origin verification in `postMessage` handler

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 docs/assets/js/asciinema-player.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/assets/js/asciinema-player.js b/docs/assets/js/asciinema-player.js
index 0d14b0dfcb..bbb3f569e7 100644
--- a/docs/assets/js/asciinema-player.js
+++ b/docs/assets/js/asciinema-player.js
@@ -146,7 +146,8 @@
 } else {
 var h = [], g = String(Math.random());
 window.addEventListener("message", function (e) {
- if (e.data === g) {
+ var trustedOrigins = ['https://www.example.com']; // Add your trusted origins here
+ if (trustedOrigins.includes(e.origin) && e.data === g) {
 var t = h;
 h = [], t.forEach(function (e) {
 e()
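Review bot: The placeholder `'https://www.example.com'` in `trustedOrigins` will not match the origin of any real deployment, so after this patch the `e.data === g` branch can never run and the callbacks queued in `h` are silently never executed — a functional regression rather than a hardening. The listener waits for a random token `g` minted on this same page, which looks like a self-`postMessage` scheduling shim (the sending side is outside the hunk, so this is inferred); for that pattern the correct check is the sender's identity, not a hard-coded host list: `if (e.source === window && e.data === g) {`, optionally also `e.origin === window.location.origin`. That makes the `trustedOrigins` array and its "Add your trusted origins here" comment unnecessary, and avoids shipping a placeholder that nobody fills in. The enclosing `else` branch begins before the hunk and the listener body continues after it.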