Fixed way of prevening to read foreign iframe content

magento · Mar 19, 2017 · 3026e81 · 3026e81
1 parent a6711c2
commit 3026e81
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/app/code/Magento/PageCache/view/frontend/web/js/page-cache.js b/app/code/Magento/PageCache/view/frontend/web/js/page-cache.js
@@ -42,17 +42,16 @@ define([
          */
         (function lookup(element) {
             // prevent cross origin iframe content reading
-            if (element.nodeName === "IFRAME") {
-                var iframeSrc = document.createElement('a');
-                iframeSrc.href = element.src;
-                if (window.location.hostname !== iframeSrc.hostname) {
+            if ($(element).prop('tagName') === 'IFRAME') {
+                var iframeHostName = $('<a>').prop('href', $(element).prop('src'))
+                                             .prop('hostname');
+
+                if (window.location.hostname !== iframeHostName) {
                     return [];
                 }
             }
 
             $(element).contents().each(function (index, el) {
-                var hostName, iFrameHostName;
-
                 switch (el.nodeType) {
                     case 1: // ELEMENT_NODE
                         lookup(el);