diff --git a/www/js/search.js b/www/js/search.js
index f060f4121a4e2910aa5bd17938231d7d16247ebc..0b7e1e884638613a4199078a67f88998c2c72c96 100644
--- a/www/js/search.js
+++ b/www/js/search.js
@@ -259,6 +259,19 @@
 googleOrigin = /^https?:\/\/www\.google\.com$/,
+ isValidOrigin = function(origin) {
+ if (googleOrigin.test(origin)) {
+ return false;
+ }
+
+ // don't allow self origin or browser extension origins
+ if (origin == location.origin || /^chrome:/.test(origin)) {
+ return false;
+ }
+
+ return true;
+ },
+
 passiveQuery = function(q, track) {
 if (query === q) {
 return;
@@ -330,7 +343,7 @@
 $(window).on('message', function(e) {
 var oEvent = e.originalEvent, q;
- if (googleOrigin.test(oEvent.origin)) {
+ if (!isValidOrigin(oEvent.origin)) {
 return;
 }
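Review bot: The `/^chrome:/` test in `isValidOrigin` does not match the origin that extension pages report, which starts with `chrome-extension://` (or `moz-extension://` in Firefox), so the extension case named in the comment is still accepted; `/^(chrome|moz|safari-web)-extension:/.test(origin)` alongside the existing test would cover it. The function is also a denylist under an allowlist-sounding name: every origin other than Google, the page itself and `chrome:` returns true, including the opaque origin string `"null"` that sandboxed frames and `data:` documents send. The `message` handler in the second hunk continues outside the diff, so whether that is acceptable depends on what it does with the event data; if the set of legitimate senders is known, comparing `oEvent.origin` against that list would be the safer check. As a style point, `origin == location.origin` can be `===`, since both sides are strings.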