Permalink
Browse files

(patch) Respect cross-domain iframes

When adding mouse and touch events, it was looking for parent
windows to detect mouse movements there too. However, when the
iframe with the oCanvas content exists on a different domain
than the parent window, the checks would cause permission errors.
This avoids it by comparing the host of the referrer and the
current host (for the content inside the iframe).
  • Loading branch information...
1 parent 94a81d8 commit 465d2b78f0e5c3ae07b46fe31220085dbea35185 @koggdal committed Mar 14, 2013
Showing with 6 additions and 2 deletions.
  1. +3 −1 src/mouse.js
  2. +3 −1 src/touch.js
View
@@ -64,7 +64,9 @@
self.docHandler(e);
}, false);
- if (window.parent !== window) {
+ var a = document.createElement('a');
+ a.href = document.referrer;
+ if (a.host === window.location.host && window.parent !== window) {
oCanvas.addDOMEventHandler(core, window.parent.document, type, function (e) {
self.docHandler(e);
}, false);
View
@@ -67,7 +67,9 @@
self.docHandler(e);
}, false);
- if (window.parent !== window) {
+ var a = document.createElement('a');
+ a.href = document.referrer;
+ if (a.host === window.location.host && window.parent !== window) {
oCanvas.addDOMEventHandler(core, window.parent.document, type, function (e) {
self.docHandler(e);
}, false);

0 comments on commit 465d2b7

Please sign in to comment.