search

LavaMoat / snow

Use Snow to finally secure your web app's same origin realms!
https://lavamoat.github.io/snow/demo/
MIT License
102 stars 9 forks source link

Fix vulnerability in chromium bug workaround #99

Closed weizman closed 1 year ago

weizman commented 1 year ago

fixes #98 - instead of working around chromium bug by accessing the object's contentWindow prop, we call getOwnPropDesc on it, because while it gets the same effect, it cannot be trapped by an attacker.