shen/monaco-editor
1
0
Fork 0
mirror of https://github.com/microsoft/monaco-editor.git synced 2024-11-25 16:35:44 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Don't load code when not in sandbox.

Browse Source
This commit is contained in:
Henning Dieterichs 2023-02-15 16:43:32 +01:00 committed by Henning Dieterichs
parent 6b1ae1c271
commit f8bdfcbaba
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
website/src/runner/index.ts
View File

@ -8,6 +8,12 @@ import { IMessage, IPreviewState } from "../shared";
import "./style.scss";
window.addEventListener("message", (event) => {
const isInSandbox = window.origin === "null";
if (!isInSandbox) {
// To prevent someone from using this html file to run arbitrary code in non-sandboxed context
console.error("not in sandbox");
return;
}
const e = event.data as IMessage | { kind: undefined };
if (e.kind === "initialize") {
initialize(e.state);
@ -43,7 +49,9 @@ async function initialize(state: IPreviewState) {
eval(state.js);
} catch (err) {
const pre = document.createElement("pre");
pre.appendChild(document.createTextNode(`${err}`));
pre.appendChild(
document.createTextNode(`${err}: ${(err as any).state}`)
);
document.body.insertBefore(pre, document.body.firstChild);
}
}