INP-1432 Process only frames from same domain
ClosedPublic
Actions

Authored by erik on May 5 2015, 4:27 AM.

Details

Reviewers

alex

Commits

Test Plan

open Admin Console
go to Configuration → Website → Advanced section
set Editing Window Style to Modal Window
go to Website & Content → Browse Website section
select Content Mode (in top frame)
input iframe tag like <iframe allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/seI3EA7zafw" width="560"></iframe> into some CMS block and press Save button
confirm that modal window closes

Repository

rINP In-Portal

Lint

Automatic diff as part of commit; lint not applicable.

Unit

Automatic diff as part of commit; unit tests not applicable.

erik retitled this revision from to INP-1432 Process only frames from same domain.

erik updated this object.

erik edited the test plan for this revision. (Show Details)

erik added 1 JIRA issue(s): INP-1432.

erik edited the test plan for this revision. (Show Details)May 5 2015, 4:31 AM

erik edited edge metadata.

Please implement same protection on other getFrame function in script.js file, as mentioned in task description.

This revision now requires changes to proceed.May 5 2015, 4:32 AM

Made same change in the script.js

alex accepted this revision.May 5 2015, 4:49 AM

alex edited edge metadata.

This revision is now accepted and ready to land.May 5 2015, 4:49 AM

This revision was automatically updated to reflect the committed changes.

alex added a project: Restricted Project.

Diff	ID	Base	Description	Created	Lint	Unit
Base			Base
Diff 1	171	16155		May 5 2015, 4:27 AM	★	★
Diff 2	172	16155	Made same change in the script.js	May 5 2015, 4:48 AM	★	★
Diff 3	295	16247	Commit rINP16249	Sep 2 2015, 3:59 PM	★	★

			Path	Packages
M			branches/5.2.x/core/admin_templates/incs/close_popup.tpl (14 lines)
M			branches/5.2.x/core/admin_templates/js/script.js (11 lines)