github/svgedit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Security fix/Breaking change (Imagelib): Require allowedImageLibOrigins

Browse Source 
config array be set with safe origins or otherwise reject `postMessage`
  messages in case from untrusted sources
- Security fix/Breaking change (xdomain): Namespace xdomain file to avoid
  it being used to modify non-xdomain storage
- Security fix (Imagelib): Expose `dropXMLInternalSubset` to extensions
  for preventing billion laughs attack (and use in Imagelib)
This commit is contained in:
Brett Zamir
2018-09-24 20:59:47 +08:00
parent 25ed8ad465
commit 11baad0402
10 changed files with 55 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
editor/extensions/ext-helloworld.js
View File

@@ -32,7 +32,7 @@ export default {
// Must match the icon ID in helloworld-icon.xml
id: 'hello_world',
// Fallback, e.g., for `file://` access
// Fallback, e.g., for `file:///` access
icon: svgEditor.curConfig.extIconsPath + 'helloworld.png',
// This indicates that the button will be added to the "mode"