DartPad hijacking #2994
Labels
area-preview-ui
P1
A high priority bug; for example, a single project is unusable or has many test failures
type-bug
Incorrect behavior (everything from a crash to more subtle misbehavior)
What happened?
Attacker code is injected on to the
docs.flutter.dev
dart-pad embed.Steps to reproduce problem
Additional info
I did think about making a PR in #2993 but made a mess instead.
Think the fix is to
Only allow DartPad injection from window.parent
for both code and error logs.The text was updated successfully, but these errors were encountered: