Better XSS Check for frames.erb

[RedYetiDev]

Description

Yikes! I'm so embarrassed. My patch fails to resolve the XSS/Open-Redirect vulnerability. This second patch will fix it, and I've done much testing to confirm it. Please understand my mistake and implement this into the repository.

Proof-Of Concept

See the following pen for an example: https://codepen.io/Aviv-Keller/pen/mdgdmyW #!:javascript:alert("XSS")

Completed Tasks

• [x] I have read the Contributing Guide.
• [x] The pull request is complete (implemented / written).
• [x] Git commits have been cleaned up (squash WIP / revert commits).
• [ ] I wrote tests and ran bundle exec rake locally (if code is attached to PR).

[RedYetiDev]

Even with this, I still believe the best way to resolve this permanently is to use URL:

let url = new URL(name, location.href)
url.origin === location.origin

[RedYetiDev]

Dear @lsegal, I apologize for the oversight regarding your library's XSS and Open-Redirect vulnerabilities. I acknowledge and accept full responsibility for this lapse in judgment. It was a regrettable mistake, and I deeply regret any inconvenience or concern it may have caused. My failure to patch these vulnerabilities thoroughly may have ended your trust in me. I understand the gravity of this situation and the impact it may have had on our professional relationship. Please know that I am genuinely remorseful and committed to rectifying the situation to the best of my abilities. In light of this, I have taken steps to address the vulnerabilities and have provided a suggested pull request (PR) for your consideration. Given the circumstances, I understand if you consider this suggestion with caution, and I respect your decision either way. Moving forward, I am dedicated to implementing more rigorous testing protocols to prevent such oversights in the future. Once again, I extend my deepest apologies for any inconvenience or disappointment caused. I am available to talk about this more whenever you get a chance and to collaborate on any necessary steps to ensure the security and integrity of your library. Thank you for your understanding and patience.

[RedYetiDev]

I like your idea, I'm gonna squash and reopen a pull-request.