You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Before I begin; congratulations! I have spent many hours on this problem yet I was not able to solve it. This library worked like a charm.
My concern is since guests are sending messages to hosts, if a guest is untrusted, and the host does not sanitize inputs from the guest, the guest can execute malicious programs inside the host environment. Is this addressed already?
The text was updated successfully, but these errors were encountered:
Thanks, all the messages are sent as strings, rather than JS objects. This is due to this being first written in the days of IE6. So their is no option to pass code. in addition to this by default iFrameResizer only accepts messages from the domain in the the iFrame tag. This is do using the security options built into the PostMessage API.
I first wrote this eight years ago and I have never had a security incident raised. It is used by at lease one financial institution who made a small suggestion on hardening the API and this was implemented.
Before I begin; congratulations! I have spent many hours on this problem yet I was not able to solve it. This library worked like a charm.
My concern is since guests are sending messages to hosts, if a guest is untrusted, and the host does not sanitize inputs from the guest, the guest can execute malicious programs inside the host environment. Is this addressed already?
The text was updated successfully, but these errors were encountered: