Added event.origin to msg passing for improved security + removed redundant env.extensionActive init ↞ [auto-sync from https://github.com/adamlui/ai-web-extensions/tree/main/chatgpt-auto-continue]

kudo-sync-bot · kudo-sync-bot · commit 0c2a2badb6b3 · 2025-02-28T10:20:38.000-08:00
diff --git a/chatgpt/chatgpt-auto-continue/chatgpt-auto-continue.user.js b/chatgpt/chatgpt-auto-continue/chatgpt-auto-continue.user.js
@@ -219,7 +219,7 @@
 // @description:zu      ⚡ Terus menghasilkan imibuzo eminingi ye-ChatGPT ngokwesizulu
 // @author              Adam Lui
 // @namespace           https://github.com/adamlui
-// @version             2025.2.28.1
+// @version             2025.2.28.2
 // @license             MIT
 // @icon                https://assets.chatgptautocontinue.com/images/icons/continue-symbol/circled/with-robot/icon48.png?v=8b39fb4
 // @icon64              https://assets.chatgptautocontinue.com/images/icons/continue-symbol/circled/with-robot/icon64.png?v=8b39fb4
@@ -498,11 +498,13 @@
     // Run MAIN routine
 
     // Init EXTENSION ACTIVE state
-    env.extensionActive = false
-    postMessage({ action: 'getExtensionInfo', source: `${app.slug}.user.js` })
+    postMessage({ action: 'getExtensionInfo', source: `${app.slug}.user.js` }, location.origin)
     addEventListener('message', handleMsgResp)
     function handleMsgResp(resp) {
-        const sender = resp.data.source ; env.extensionActive = sender.includes(app.slug) && /extension/i.test(sender) }
+        if (resp.origin != location.origin) return
+        const sender = resp.data.source
+        env.extensionActive = sender.includes(app.slug) && /extension/i.test(sender)
+    }
     await new Promise(resolve => setTimeout(resolve, 100)) // wait for extension response
     removeEventListener('message', handleMsgResp)
 
