DuendeArchive · Jan 28, 2021
diff --git a/‎dist/oidc-client.js
+2-2 b/‎dist/oidc-client.js
+2-2
diff --git a/‎dist/oidc-client.min.js
+1-1 b/‎dist/oidc-client.min.js
+1-1
diff --git a/‎dist/oidc-client.rsa256.slim.js
+2-2 b/‎dist/oidc-client.rsa256.slim.js
+2-2
diff --git a/‎dist/oidc-client.rsa256.slim.min.js
+2-2 b/‎dist/oidc-client.rsa256.slim.min.js
+2-2
diff --git a/‎dist/oidc-client.slim.js
+2-2 b/‎dist/oidc-client.slim.js
+2-2
diff --git a/‎dist/oidc-client.slim.min.js
+1-1 b/‎dist/oidc-client.slim.min.js
+1-1
diff --git a/‎lib/oidc-client.js
+2-2 b/‎lib/oidc-client.js
+2-2
diff --git a/‎lib/oidc-client.min.js
+1-1 b/‎lib/oidc-client.min.js
+1-1
diff --git a/‎lib/oidc-client.rsa256.js
+2-2 b/‎lib/oidc-client.rsa256.js
+2-2
diff --git a/‎lib/oidc-client.rsa256.min.js
+1-1 b/‎lib/oidc-client.rsa256.min.js
+1-1
diff --git a/‎src/IFrameWindow.js
+2-1 b/‎src/IFrameWindow.js
+2-1
@@ -86,7 +86,8 @@ export class IFrameWindow {
 
         if (this._timer &&
             e.origin === this._origin &&
-            e.source === this._frame.contentWindow
+            e.source === this._frame.contentWindow &&
+            (typeof e.data === 'string' && (e.data.startsWith('http://') || e.data.startsWith('https://')))
         ) {
             let url = e.data;
             if (url) {