search

Aaronius / penpal

A promise-based library for securely communicating with iframes via postMessage.
MIT License
403 stars 56 forks source link

Support Arrays for parentOrigin parameter #2

Closed Gomah closed 7 years ago

Gomah commented 7 years ago

Thanks for actively maintaining this repository 👍

Gomah commented 7 years ago

Not sure about the hijack scenario as we are checking the defined parentOrigin Array/string against event.origin ?

https://jsfiddle.net/ymqr66ac/

Aaronius commented 7 years ago

I got it backward. http://example.com could load in and communicate with a view that is expecting to only communicate with http://example.company.

https://jsfiddle.net/mt6nv0hd/1/

Thanks for this PR. I'll fix it up and get it merged.

Aaronius commented 7 years ago

@Gomah I've published this as 2.5.0. Thank you for the contribution!

Gomah commented 7 years ago

Great, thanks @Aaronius !