zoushiyang/page-agent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #389 from alibaba/fix/ext-postmessage-source-guard

Browse Source
This commit is contained in:
Simon
2026-04-02 19:06:06 +08:00
committed by GitHub
parent 1f2f5a44d3 13d952dc9d
commit b8fd1aaebc
2 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/extension/src/entrypoints/content.ts
View File

@@ -46,6 +46,8 @@ async function exposeAgentToPage() {
let multiPageAgent: InstanceType<typeof MultiPageAgent> | null = null let multiPageAgent: InstanceType<typeof MultiPageAgent> | null = null
window.addEventListener('message', async (e) => { window.addEventListener('message', async (e) => {
if (e.source !== window) return
const data = e.data const data = e.data
if (typeof data !== 'object' || data === null) return if (typeof data !== 'object' || data === null) return
if (data.channel !== 'PAGE_AGENT_EXT_REQUEST') return if (data.channel !== 'PAGE_AGENT_EXT_REQUEST') return

2
packages/extension/src/entrypoints/main-world.ts
View File

@@ -45,6 +45,8 @@ export default defineUnlistedScript(() => {
const promise = new Promise<ExecutionResult>((resolve, reject) => { const promise = new Promise<ExecutionResult>((resolve, reject) => {
function handleMessage(e: MessageEvent) { function handleMessage(e: MessageEvent) {
if (e.source !== window) return
const data = e.data const data = e.data
if (typeof data !== 'object' || data === null) return if (typeof data !== 'object' || data === null) return
if (data.channel !== 'PAGE_AGENT_EXT_RESPONSE') return if (data.channel !== 'PAGE_AGENT_EXT_RESPONSE') return