KEYCLOAK-2617 Ignore postmessages if not initiated by keycloak.js

wrtcoder · Jul 4, 2016 · f3a780c · f3a780c
1 parent 450b57c
commit f3a780c
Showing 1 changed file with 16 additions and 2 deletions.
diff --git a/adapters/oidc/js/src/main/resources/keycloak.js b/adapters/oidc/js/src/main/resources/keycloak.js
@@ -39,7 +39,7 @@
             storage = new PersistentStorage();
 
             if (initOptions && initOptions.adapter === 'cordova') {
-               adapter = loadAdapter('cordova');
+                adapter = loadAdapter('cordova');
             } else if (initOptions && initOptions.adapter === 'default') {
                 adapter = loadAdapter();
             } else {
@@ -792,8 +792,22 @@
                 if (event.origin !== loginIframe.iframeOrigin) {
                     return;
                 }
-                var data = JSON.parse(event.data);
+
+                try {
+                    var data = JSON.parse(event.data);
+                } catch (err) {
+                    return;
+                }
+
+                if (!data.callbackId) {
+                    return;
+                }
+
                 var promise = loginIframe.callbackMap[data.callbackId];
+                if (!promise) {
+                    return;
+                }
+
                 delete loginIframe.callbackMap[data.callbackId];
 
                 if ((!kc.sessionId || kc.sessionId == data.session) && data.loggedIn) {