Added event.origin to msg passing for improved security + removed redundant env.extensionActive init ↞ [auto-sync from https://github.com/adamlui/ai-web-extensions/tree/main/chatgpt-infinity]

kudo-sync-bot · kudo-sync-bot · commit 704728f30b68 · 2025-02-28T10:19:39.000-08:00
diff --git a/chatgpt/chatgpt-infinity/chatgpt-infinity.user.js b/chatgpt/chatgpt-infinity/chatgpt-infinity.user.js
@@ -199,7 +199,7 @@
 // @description:zh-TW   從無所不知的 ChatGPT 生成無窮無盡的答案 (用任何語言!)
 // @author              Adam Lui
 // @namespace           https://github.com/adamlui
-// @version             2025.2.28.1
+// @version             2025.2.28.2
 // @license             MIT
 // @icon                https://assets.chatgptinfinity.com/images/icons/infinity-symbol/circled/with-robot/icon48.png?v=69e434b
 // @icon64              https://assets.chatgptinfinity.com/images/icons/infinity-symbol/circled/with-robot/icon64.png?v=69e434b
@@ -624,11 +624,13 @@
     toggles.sidebar.update.navicon({ preload: true })
 
     // Init EXTENSION ACTIVE state
-    env.extensionActive = false
-    postMessage({ action: 'getExtensionInfo', source: `${app.slug}.user.js` })
+    postMessage({ action: 'getExtensionInfo', source: `${app.slug}.user.js` }, location.origin)
     addEventListener('message', handleMsgResp)
     function handleMsgResp(resp) {
-        const sender = resp.data.source ; env.extensionActive = sender.includes(app.slug) && /extension/i.test(sender) }
+        if (resp.origin != location.origin) return
+        const sender = resp.data.source
+        env.extensionActive = sender.includes(app.slug) && /extension/i.test(sender)
+    }
     await new Promise(resolve => setTimeout(resolve, 100)) // wait for extension response
     removeEventListener('message', handleMsgResp)
 
