mirrors/ladybird
0
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-04-27 14:58:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

LibWeb: Make MessageEvents from {Window,MessagePort}.postMessage trusted

Browse source 
The MessagePort one in particular is required by Cloudflare Turnstile,
as the method it takes to run JS in a worker is to `eval` the contents
of `MessageEvent.data`. However, it will only do this if
`MessageEvent.isTrusted` is true, `MessageEvent.origin` is the empty
string and `MessageEvent.source` is `null`.

The Window version is a quick fix whilst in the vicinity, as its
MessageEvent should also be trusted.
This commit is contained in:
Luke Wilde 2024-11-15 17:15:34 +00:00 committed by Andreas Kling
parent f87041bf3a
commit 079c28d5e6
Notes: github-actions[bot] 2024-11-15 17:51:05 +00:00
6 changed files with 64 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
Libraries/LibWeb/HTML/Window.cpp
View file

@ -1165,6 +1165,7 @@ WebIDL::ExceptionOr<void> Window::window_post_message_steps(JS::Value message, W
message_event_init.ports = move(new_ports);
auto message_event = MessageEvent::create(target_realm, EventNames::message, message_event_init);
message_event->set_is_trusted(true);
dispatch_event(message_event);
}));