Workaround for the VoteWidgetPage.postMessage() security error.

But it's not secure, see #84. VoteWidgetPage.postMessage() will now also pass a JSON string.
JMLX42 · Oct 22, 2016 · d397005 · d397005
1 parent 2585408
commit d397005
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/app/src/script/page/embed/VoteWidgetPage.jsx b/app/src/script/page/embed/VoteWidgetPage.jsx
@@ -17,11 +17,13 @@ var VoteWidgetPage = React.createClass({
     ReactIntl.IntlMixin,
   ],
 
-  postMessage: function(msg, vote) {
-    console.log('postMessage: ' + msg, vote);
+  postMessage: function(msg, data) {
     if (!!window.parent) {
       // FIXME: we should not use a wildcard
-      window.parent.postMessage(msg, '*');
+      window.parent.postMessage(
+        JSON.stringify(Object.assign({}, data, {message: msg})),
+        '*'
+      );
     }
   },