From a20a6ee569825a5455ba859a2d60c70859feb40c Mon Sep 17 00:00:00 2001
From: James Fletcher <42464962+jf205@users.noreply.github.com>
Date: Mon, 28 Apr 2025 10:42:40 +0100
Subject: [PATCH] Potential fix for code scanning alert no. 142: Missing origin
 verification in `postMessage` handler

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 docs/assets/js/asciinema-player.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/assets/js/asciinema-player.js b/docs/assets/js/asciinema-player.js
index 0d14b0dfcb..bbb3f569e7 100644
--- a/docs/assets/js/asciinema-player.js
+++ b/docs/assets/js/asciinema-player.js
@@ -146,7 +146,8 @@
     } else {
       var h = [], g = String(Math.random());
       window.addEventListener("message", function (e) {
-        if (e.data === g) {
+        var trustedOrigins = ['https://www.example.com']; // Add your trusted origins here
+        if (trustedOrigins.includes(e.origin) && e.data === g) {
           var t = h;
           h = [], t.forEach(function (e) {
             e()