Power Apps
Unanswered

PowerApp WebPlayer SDK vulnerability and correct usage

Posted on by Microsoft Employee

Hello,

We had a previous issue with the PowerApp SDK on this thread: "postMessage with star origin issue - Power Platform Community (microsoft.com)".

We are using the PowerApp SDK from https://apps.powerapps.com/apphost/clientsdk?version=1

We received a complaint about a vulnerability regarding two PostMessage API `message` event listeners that are registered. Both event listeners validate the origin of received messages using a whitelist and a RegEx as a fallback.

The validation RegEx will accept any URL that begins with `https://app.powerapps.com` and does not do sufficient checks to ensure it's not exploited for unauthorized usage.

Is there a team or a point of contact we can contact about the PowerApp SDK? Is there any updated version provided in an npm package or similar that we can use?

Thanks

Guilherme
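
An added example, not part of the original post and not the SDK's code: it compares a prefix-anchored origin regex of the kind the post describes with an exact-origin allowlist check for a `message` listener. The regex is a constructed stand-in (the post does not quote the real one), and the allowlist, function names and sample origins are assumptions.

```javascript
// Constructed stand-in for a prefix-style check: anchored at the start only,
// so nothing constrains what follows the hostname.
const PREFIX_REGEX = /^https:\/\/app\.powerapps\.com/;

// Assumed allowlist of exact origins the embedding page trusts.
const TRUSTED_ORIGINS = new Set([
  "https://app.powerapps.com",
  "https://apps.powerapps.com",
]);

// Weak form: passes any origin that merely starts with the trusted string.
function prefixCheck(origin) {
  return PREFIX_REGEX.test(origin);
}

// Strict form: parse, require the value to be a bare serialized origin,
// then require an exact allowlist match.
function strictCheck(origin) {
  let parsed;
  try {
    parsed = new URL(origin);
  } catch {
    return false; // "null" (opaque origins) and malformed values end here
  }
  return parsed.origin === origin && TRUSTED_ORIGINS.has(parsed.origin);
}

// Wraps a handler so it only ever sees data from trusted origins.
// In a browser: window.addEventListener("message", makeListener(handle));
function makeListener(onTrusted) {
  return function (event) {
    if (!strictCheck(event.origin)) return false; // drop the message
    onTrusted(event.data);
    return true;
  };
}

// Constructed sample origins showing where the two checks disagree.
const SAMPLE_ORIGINS = [
  "https://app.powerapps.com",
  "https://app.powerapps.com.example.net",
  "https://app.powerapps.company.example",
  "https://app.powerapps.com:8443",
  "null",
];

function compareChecks() {
  return SAMPLE_ORIGINS.map((o) => ({
    origin: o, prefix: prefixCheck(o), strict: strictCheck(o),
  }));
}
```

If a pattern is unavoidable (for example, regional subdomains), anchor it at both ends and escape every dot, then still compare against the parsed `origin` rather than the raw string.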
