fix(trace-viewer): validate origin of postMessage trace blob (#40548)

Author: pavelfeldman

packages/trace-viewer/src/ui/workbenchLoader.tsx

@@ -69,6 +69,8 @@ export const WorkbenchLoader: React.FunctionComponent<{
   });
   React.useEffect(() => {
     const listener = (e: MessageEvent) => {
+      if (e.origin !== window.location.origin)
+        return;
       const { method, params } = e.data;
 
       if (method !== 'load' || !(params?.trace instanceof Blob))