Improving security: only iframes opened with "openWebsiteAllowApi" property are now able to send/receive messages.

2021-03-06 16:00:07 +01:00 · 2021-03-06 16:00:07 +01:00 · 7d67f55012
commit 7d67f55012
parent e927e0fa16
4 changed files with 50 additions and 18 deletions
--- a/maps/tests/iframe_api.json
+++ b/maps/tests/iframe_api.json
@ -44,6 +44,11 @@
                 "name":"openWebsite",
                 "type":"string",
                 "value":"iframe.html"
+                }, 
+                {
+                 "name":"openWebsiteAllowApi",
+                 "type":"bool",
+                 "value":true
                }],
         "type":"tilelayer",
         "visible":true,