aboutsummaryrefslogtreecommitdiff
path: root/src/webex/pages
diff options
context:
space:
mode:
authorFlorian Dold <florian.dold@gmail.com>2018-02-07 16:15:40 +0100
committerFlorian Dold <florian.dold@gmail.com>2018-02-07 16:15:40 +0100
commitf1bef0473bf5e3f2661dd6ba82f6350164ff69ab (patch)
tree528f0125de466c6cb2fd64b8be71700c29f86e1e /src/webex/pages
parent9b0cd71a4dea13fa80c69d0ff8644e3a77c34874 (diff)
downloadwallet-core-f1bef0473bf5e3f2661dd6ba82f6350164ff69ab.tar.xz
prevent embedding wallet pages in other web pages
Diffstat (limited to 'src/webex/pages')
-rw-r--r--src/webex/pages/redirect.html14
-rw-r--r--src/webex/pages/redirect.js12
2 files changed, 26 insertions, 0 deletions
diff --git a/src/webex/pages/redirect.html b/src/webex/pages/redirect.html
new file mode 100644
index 000000000..9d07d3d2b
--- /dev/null
+++ b/src/webex/pages/redirect.html
@@ -0,0 +1,14 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+ <meta charset="utf-8">
+
+ <script src="/src/webex/pages/redirect.js"></script>
+</head>
+
+<body>
+ Redirecting to extension page ...
+</body>
+
+</html>
diff --git a/src/webex/pages/redirect.js b/src/webex/pages/redirect.js
new file mode 100644
index 000000000..5a758cce4
--- /dev/null
+++ b/src/webex/pages/redirect.js
@@ -0,0 +1,12 @@
+/**
+ * This is the entry point for redirects, and should be the only
+ * web-accessible resource declared in the manifest. This prevents
+ * malicious websites from embedding wallet pages in them.
+ *
+ * We still need this redirect page since a webRequest can only directly
+ * redirect to pages inside the extension that are a web-accessible resource.
+ */
+
+
+const myUrl = new URL(window.location.href);
+window.location.replace(myUrl.searchParams.get("url"));
generated by cgit v1.2.3 (git 2.26.2) at 2024-08-20 05:40:17 +0000