diff options
author | Florian Dold <florian.dold@gmail.com> | 2018-02-07 16:15:40 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2018-02-07 16:15:40 +0100 |
commit | f1bef0473bf5e3f2661dd6ba82f6350164ff69ab (patch) | |
tree | 528f0125de466c6cb2fd64b8be71700c29f86e1e /src/webex/pages/redirect.js | |
parent | 9b0cd71a4dea13fa80c69d0ff8644e3a77c34874 (diff) | |
download | wallet-core-f1bef0473bf5e3f2661dd6ba82f6350164ff69ab.tar.xz |
prevent embedding wallet pages in other web pages
Diffstat (limited to 'src/webex/pages/redirect.js')
-rw-r--r-- | src/webex/pages/redirect.js | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/webex/pages/redirect.js b/src/webex/pages/redirect.js new file mode 100644 index 000000000..5a758cce4 --- /dev/null +++ b/src/webex/pages/redirect.js @@ -0,0 +1,12 @@ +/** + * This is the entry point for redirects, and should be the only + * web-accessible resource declared in the manifest. This prevents + * malicious websites from embedding wallet pages in them. + * + * We still need this redirect page since a webRequest can only directly + * redirect to pages inside the extension that are a web-accessible resource. + */ + + +const myUrl = new URL(window.location.href); +window.location.replace(myUrl.searchParams.get("url")); |