Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Vim Vixen allows websites to show glorified cat harness ads in the console
See original GitHub issueDemo: https://vim-vixen-poc.glitch.me
<!DOCTYPE html>
<script>
window.setTimeout(function() {
const frame = document.querySelector('#vimvixen-console-frame')
frame.contentWindow.postMessage(
`{
"type": "command.show"
}`,
'*'
);
frame.contentWindow.postMessage(
`{
"type": "console.show.command",
"command": "Your cat hates harnesses? Kitty Holster to the rescue! Just $24.95 only now at kittyholster.com!"
}`,
'*'
);
}, 2000);
</script>
Issue Analytics
- State:
- Created 6 years ago
- Reactions:3
- Comments:6 (1 by maintainers)
Top Results From Across the Web
DIn - River Thames Conditions - Environment Agency - GOV.UK
#ios Saul goodman show spin off, Rob green attorney? Aatish sanjay dutt film download, House prices uk graph 2015, Rang jo lagyo re...
Read more >Untitled
... allophones allot allotment allotments allotrope allotropic allots allotted allotting allow allowable allowance allowances allowed allowing allows alloy ...
Read more >run code anywhere - Trinket
... SISTERING SISTERLY SISTERS SISTRA SISTROID SISTRUM SISTRUMS SIT SITAR SITARIST SITARISTS SITARS SITE SITED SITES SITH SITHENCE SITHENS SITING SITOLOGIES ...
Read more >the and a in i it with that at this on from he my or we but - OSF
... ready bear reply cat dark door contact otherwise within history event b waste character mess honest complete deep quality style k view...
Read more >wordlist.txt
... adriatic adrift adroit adroiter adroitest adroitly adroitness ads adsorb adsorbable adsorbate adsorbates adsorbed adsorbent adsorbents adsorbing adsorbs ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
You shouldn’t try to crypto your way out of this. You can just follow the security precautions here if you want to continue using the frame message API: https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Security_concerns
But this is also totally possible with the webextension messaging API (see the mosi project as used by saka-key).
Much love, Tridactyl project lead.
I haven’t made further tests, but a shared key could be captured by temporarily loading a page you control in the frame and listening for the first message. That could be avoided by setting the console URL as the target in postMessage, but if possible, the current way of passing messages should be replaced with the extension messaging API.