Frontend editing #158
base: develop
event.preventDefault() | ||
|
||
// Inform the parent page of the selected item | ||
window.parent.postMessage(pk, '*'); |
`*` should not be used in this case. From MDN:
"Always provide a specific targetOrigin, not *, if you know where the other window's document should be located. Failing to provide a specific target discloses the data you send to any interested malicious site."
In this case it should always be the same origin - use `window.location.origin` instead.
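The same-origin fix suggested in the comment above, together with the matching check on the receiving side, as an added example that is not code from this pull request. The helper names, the `fakePage`/`fakeFrame` stand-ins for browser windows, the `.example` origins and the numeric key format are assumptions.

```javascript
// Sender (runs in the iframe): post the key only to a same-origin parent.
function notifyParent(win, pk) {
  win.parent.postMessage(pk, win.location.origin);
}

// Receiver (runs in the parent page): accept only same-origin messages from
// the expected iframe that carry a numeric key (the key format is assumed).
function makeSelectionHandler(win, frameWindow, onSelect) {
  return function (event) {
    if (event.origin !== win.location.origin) return false; // foreign origin
    if (event.source !== frameWindow) return false; // some other window
    if (typeof event.data !== 'string' || !/^\d+$/.test(event.data)) return false;
    onSelect(event.data);
    return true;
  };
}

// Constructed stand-ins for browser windows, so this runs outside a browser.
function fakePage(origin) {
  const page = { location: { origin }, handlers: [] };
  page.addEventListener = (type, fn) => { if (type === 'message') page.handlers.push(fn); };
  return page;
}
// Models the browser rule: deliver only if targetOrigin is '*' or matches the recipient.
function fakeFrame(origin, parentPage) {
  const frame = { location: { origin } };
  frame.parent = {
    postMessage(data, targetOrigin) {
      if (targetOrigin !== '*' && targetOrigin !== parentPage.location.origin) return;
      parentPage.handlers.forEach((fn) => fn({ data, origin, source: frame }));
    },
  };
  return frame;
}

function demo() {
  const selected = [];
  const page = fakePage('https://cms.example');
  const editor = fakeFrame('https://cms.example', page);
  page.addEventListener('message', makeSelectionHandler(page, editor, (pk) => selected.push(pk)));
  notifyParent(editor, '42'); // same-origin parent: delivered and accepted
  // The same iframe document loaded under a page on another origin.
  const seenByOther = [];
  const otherPage = fakePage('https://other.example');
  const embedded = fakeFrame('https://cms.example', otherPage);
  otherPage.addEventListener('message', (e) => seenByOther.push(e.data));
  notifyParent(embedded, '42'); // origin mismatch: never dispatched
  embedded.parent.postMessage('42', '*'); // wildcard: dispatched to any parent
  return { selected, seenByOther };
}
```

In `demo()`, the only message the other-origin page sees is the one sent with the wildcard; the call with `window.location.origin` as the target is dropped before dispatch.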
pk = pk.split('/') | ||
pk = pk[4] | ||
|
||
// Prevent default |
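Review bot: `pk = pk[4]` takes a fixed position out of `pk.split('/')` with no check, so if the URL has fewer segments or a different shape, `pk` becomes `undefined` or the wrong segment and is still passed on to `window.parent.postMessage`. Verify that the segment exists and looks like a key before using it, and give the intermediate array its own name instead of reassigning `pk` from string to array and back to string.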
This comment doesn't add any information - we know what `event.preventDefault` does, and "Prevent default" wouldn't explain it to anyone if they did not.
Changes needed for PR#302 on PT