From ed8756e607a634df506201c9fd922ed68c99bafb Mon Sep 17 00:00:00 2001
From: Frank Koenders
Date: Wed, 21 Jun 2023 12:44:00 +0200
Subject: [PATCH 1/3] feat: improve security
---
 .../lib/src/web_webview_controller.dart | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart b/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
index eaff98930bb..91089dcc62c 100644
--- a/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
+++ b/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
@@ -118,6 +118,15 @@ class WebWebViewController extends PlatformWebViewController {
 ) async {
 void handler(html.Event event) {
 if (event is html.MessageEvent) {
+ final String? iFrameSrc = _webWebViewParams.iFrame.src;
+ if (event.origin.isEmpty || iFrameSrc == null) {
+ return;
+ }
+
+ // Security check
+ if (!iFrameSrc.startsWith(event.origin)) {
+ return;
+ }
 javaScriptChannelParams.onMessageReceived(
 JavaScriptMessage(message: event.data.toString()));
 }
From cd8452c89454ff24677aebf2795cb5704afc7ceb Mon Sep 17 00:00:00 2001
From: Frank Koenders
Date: Wed, 21 Jun 2023 12:46:45 +0200
Subject: [PATCH 2/3] feat: prevent messages from being processed more than once
In case multiple webviews were used, messages previously were processed multiple times. This can now be fixed by choosing a unique channel name per webview.
---
 .../lib/src/web_webview_controller.dart | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart b/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
index 91089dcc62c..59fd9e221e6 100644
--- a/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
+++ b/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
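Review bot: In [PATCH 1/3], `iFrameSrc.startsWith(event.origin)` is a string-prefix test rather than an origin comparison, so it also accepts a sender whose origin merely shares leading characters with the iframe URL (a different host, or the same host with the port left off). Comparing parsed origins should close that gap: `if (Uri.parse(iFrameSrc).origin != event.origin) { return; }`, bearing in mind that `Uri.origin` throws a `StateError` for schemes other than http/https, so a `data:` or `about:` src needs its own early return first. The check also does not appear to tie the message to this iframe's own window (`event.source`), so another window of the same origin would presumably pass as well. The `// Security check` comment would say more as `// Drop messages whose origin differs from the origin of the iframe's src.` The enclosing handler and method begin and end outside the hunk.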
@@ -127,8 +127,22 @@ class WebWebViewController extends PlatformWebViewController {
 if (!iFrameSrc.startsWith(event.origin)) {
 return;
 }
+
+ // ignore: avoid_dynamic_calls
+ final String? channelName = event.data?['channel'] as String?;
+ if (channelName != javaScriptChannelParams.name) {
+ return;
+ }
+
+ // ignore: avoid_dynamic_calls
+ final String? message = event.data?['message'] as String?;
+ if (message == null) {
+ return;
+ }
+
 javaScriptChannelParams.onMessageReceived(
- JavaScriptMessage(message: event.data.toString()));
+ JavaScriptMessage(message: message),
+ );
 }
 }
From ed1a1f367d7bf088694bc4a44f253b35eb1e65be Mon Sep 17 00:00:00 2001
From: Jeroen Bell <31880135+jeroenbell@users.noreply.github.com>
Date: Thu, 1 Aug 2024 15:46:58 +0200
Subject: [PATCH 3/3] fix: add type check to event.data
---
 .../lib/src/web_webview_controller.dart | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart b/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
index 59fd9e221e6..e861d3c1f9e 100644
--- a/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
+++ b/packages/webview_flutter/webview_flutter_web/lib/src/web_webview_controller.dart
@@ -29,7 +29,7 @@ class WebWebViewControllerCreationParams
 // ignore: avoid_unused_constructor_parameters
 PlatformWebViewControllerCreationParams params, {
 @visibleForTesting
- HttpRequestFactory httpRequestFactory = const HttpRequestFactory(),
+ HttpRequestFactory httpRequestFactory = const HttpRequestFactory(),
 }) : this(httpRequestFactory: httpRequestFactory);
 static int _nextIFrameId = 0;
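Review bot: In [PATCH 2/3], the two `as String?` casts throw a `TypeError` when the page posts a `channel` or `message` value that is not a string; the payload comes from page content, so it should be type-tested rather than cast. For example `final Object? message = event.data?['message'];` followed by `if (message is! String) { return; }`, and the same for `channel`. The casts are still present after the [PATCH 3/3] hunk at `-128,14 +128,18`, which adds only the `Map` guard. The handler also now silently drops anything that is not a `{channel, message}` map, where it previously forwarded `event.data.toString()`, so a comment above the lookups such as `// Expected payload: {'channel': <channel name>, 'message': <String>}` would document the new contract. The handler body starts outside the hunk.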
@@ -128,14 +128,18 @@ class WebWebViewController extends PlatformWebViewController {
 return;
 }
+ if (event.data == null || event.data is! Map) {
+ return;
+ }
+
 // ignore: avoid_dynamic_calls
- final String? channelName = event.data?['channel'] as String?;
+ final String? channelName = event.data['channel'] as String?;
 if (channelName != javaScriptChannelParams.name) {
 return;
 }
 // ignore: avoid_dynamic_calls
- final String? message = event.data?['message'] as String?;
+ final String? message = event.data['message'] as String?;
 if (message == null) {
 return;
 }
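Review bot: The guard `event.data == null || event.data is! Map` tests for null redundantly, since `null is! Map` is already true, and it re-reads the `event.data` getter on every access, which gives the analyzer nothing to promote. Binding it once, `final Object? data = event.data;` followed by `if (data is! Map) { return; }`, promotes `data` to `Map`, so the lookups become `data['channel']` and `data['message']` and the two `// ignore: avoid_dynamic_calls` lines should no longer be needed. The handler body starts and ends outside the hunk.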