phlux/mattermostest
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Disable websecurity for webview

Browse Source 
Only for source code.
This option should not be enabled to prevent XSS.

ref: #35, #55 and #59
This commit is contained in:
Yuya Ochiai
2016-03-11 21:47:39 +09:00
parent 97808373ed
commit fcbfae69a7
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/browser/index.jsx
View File

@@ -219,6 +219,10 @@ var MattermostView = React.createClass({
var thisObj = this; var thisObj = this;
var webview = ReactDOM.findDOMNode(this.refs.webview); var webview = ReactDOM.findDOMNode(this.refs.webview);
// This option disables the same-origin policy and allows js/css/plugins not only content like images.
// So this should not be enabled.
webview.setAttribute('disablewebsecurity', true);
webview.addEventListener('did-fail-load', function(e) { webview.addEventListener('did-fail-load', function(e) {
console.log(thisObj.props.name, 'webview did-fail-load', e); console.log(thisObj.props.name, 'webview did-fail-load', e);
if (e.errorCode === -3) { // An operation was aborted (due to user action). if (e.errorCode === -3) { // An operation was aborted (due to user action).