Security Update

2026-06-06 08:55:50 +00:00 · 2025-12-24 22:31:43 +08:00
parent e66d7b31cf
commit 2f12c4e22c
3 changed files with 27 additions and 13 deletions
--- a/core/tavern-helper/main.js
+++ b/core/tavern-helper/main.js
@@ -687,6 +687,13 @@ export function initializeApiListener() {
            return;
        }

+        // 终极安全修复：验证消息源窗口是否为已知的、由 renderer.js 创建的 iframe
+        // 这是防止来自控制台或恶意扩展的同源攻击的关键
+        if (!window.Amily2Renderer?.winMap?.has(event.source)) {
+            console.warn('[Amily2-Security] 收到来自未知源窗口的消息，已忽略。', event.source);
+            return;
+        }
+
        const handler = apiHandlers.get(data.request);
        const callbackRequest = `${data.request}_callback`;

--- a/core/tavern-helper/renderer-bindings.js
+++ b/core/tavern-helper/renderer-bindings.js
@@ -20,20 +20,21 @@ export function initializeRendererBindings() {
        if (!extension_settings[extensionName]) {
            extension_settings[extensionName] = {};
        }
-        extension_settings[extensionName].amily_render_enabled = isChecked;
-        saveSettingsDebounced();
+        const wasEnabled = extension_settings[extensionName].amily_render_enabled;
+        const isEnabled = this.checked;
+        extension_settings[extensionName].amily_render_enabled = isEnabled;

-        if (isChecked && !isRendererInitialized) {
-            initializeRenderer();
-            isRendererInitialized = true;
-            console.log("[Amily2-Renderer] Renderer has been initialized on-demand.");
-        }
-
-        if (isChecked) {
-            renderAllIframes();
-        } else {
-            clearAllIframes();
-        }
+        // 使用防抖保存，避免频繁操作
+        saveSettingsDebounced().then(() => {
+            // 仅在状态实际发生变化时执行渲染或清理
+            if (wasEnabled !== isEnabled) {
+                if (isEnabled) {
+                    renderAllIframes();
+                } else {
+                    clearAllIframes();
+                }
+            }
+        });
    });

    container.on('change', '#render-depth', function () {
--- a/core/tavern-helper/renderer.js
+++ b/core/tavern-helper/renderer.js
@@ -493,6 +493,12 @@ function registerIframeMapping(iframe, wrapper) {
 }

 function handleIframeMessage(event) {
+    // 安全修复：严格验证消息来源，只处理来自已知 iframe 的消息
+    // 即使是同源，也必须是我们自己创建的 iframe
+    if (!winMap.has(event.source)) {
+        return;
+    }
+
    const data = event.data || {};
    let rec = winMap.get(event.source);
    if (!rec || !rec.iframe) {