check origin in download sandbox

2021-03-03 17:50:23 +01:00 · 2021-03-03 17:50:23 +01:00 · 423a0664cd
parent f8264f1726
commit 423a0664cd
1 changed files with 2 additions and 2 deletions
--- a/assets/download-sandbox.html
+++ b/assets/download-sandbox.html
@ -4,7 +4,7 @@
        <meta charset="utf-8">
    </head>
    <body>
-        <a id="link" href="#">Download!</a>
+        <a id="link" href="#">Download</a>
        <script type="text/javascript">
            var link = document.getElementById("link");
            function download(blob, filename) {
@ -15,7 +15,7 @@
                URL.revokeObjectURL(url);
            }
            window.addEventListener("message", function(event) {
-                if (event.data.type === "download") {
+                if (event.origin === window.location.origin && event.data.type === "download") {
                    download(event.data.blob, event.data.filename);
                }
            });