web/cryptpad
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Protect current pad keys in the unsafe iframe

Browse Source
This commit is contained in:
yflory
2020-04-07 17:12:06 +02:00
parent 43904df0fb
commit 0ccc57f6f7
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
www/common/sframe-common-outer.js
View File

@@ -488,7 +488,7 @@ define([
// Put in the following function the RPC queries that should also work in filepicker
var addCommonRpc = function (sframeChan) {
var addCommonRpc = function (sframeChan, safe) {
sframeChan.on('Q_ANON_RPC_MESSAGE', function (data, cb) {
Cryptpad.anonRpcMsg(data.msg, data.content, function (err, response) {
cb({error: err, response: response});
@@ -595,6 +595,12 @@ define([
}
if (data.href) { href = data.href; }
Cryptpad.getPadAttribute(data.key, function (e, data) {
if (!safe && data) {
// Remove unsafe data for the unsafe iframe
delete data.href;
delete data.roHref;
delete data.password;
}
cb({
error: e,
data: data