SystemSh0cker/monaco-editor
1
0
Fork 0
mirror of https://github.com/microsoft/monaco-editor.git synced 2025-12-22 05:50:11 +01:00
Code Issues Projects Releases Packages Activity

Don't load code when not in sandbox.

Browse source
This commit is contained in:
Henning Dieterichs 2023-02-15 16:43:32 +01:00 committed by Henning Dieterichs
parent 6b1ae1c271
commit f8bdfcbaba
1 changed files with 9 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

10
website/src/runner/index.ts
View file

@ -8,6 +8,12 @@ import { IMessage, IPreviewState } from "../shared";
import "./style.scss"; import "./style.scss";
window.addEventListener("message", (event) => { window.addEventListener("message", (event) => {
const isInSandbox = window.origin === "null";
if (!isInSandbox) {
// To prevent someone from using this html file to run arbitrary code in non-sandboxed context
console.error("not in sandbox");
return;
}
const e = event.data as IMessage | { kind: undefined }; const e = event.data as IMessage | { kind: undefined };
if (e.kind === "initialize") { if (e.kind === "initialize") {
initialize(e.state); initialize(e.state);
@ -43,7 +49,9 @@ async function initialize(state: IPreviewState) {
eval(state.js); eval(state.js);
} catch (err) { } catch (err) {
const pre = document.createElement("pre"); const pre = document.createElement("pre");
pre.appendChild(document.createTextNode(`${err}`)); pre.appendChild(
document.createTextNode(`${err}: ${(err as any).state}`)
);
document.body.insertBefore(pre, document.body.firstChild); document.body.insertBefore(pre, document.body.firstChild);
} }
} }