PowerApp WebPlayer SDK vulnerability and correct usage

Posted on by Microsoft Employee

Hello,

We had a previous issue with the PowerApp SDK on this thread: "postMessage with star origin issue - Power Platform Community (microsoft.com)".

We are using the PowerApp SDK from https://apps.powerapps.com/apphost/clientsdk?version=1

We received a complaint about a vulnerability regarding two PostMessage API `message` event listeners that are registered. Both event listeners validate the origin of received messages using a whitelist and a RegEx as a fallback.

The validation RegEx will accept any URL that begins with `https://app.powerapps.com` and does not do sufficient checks to ensure it's not exploited for unauthorized usage.

Is there a team or a point of contact we can contact about the PowerApp SDK? Is there any updated version provided in an npm package or similar that we can use?

Thanks

Guilherme
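
An added example, not part of the original post and not the SDK's own code: it contrasts a prefix-only origin check of the kind described above with an exact-match check that a host page can apply in its own `message` listener. The regex is a constructed stand-in for the reported pattern, and the allowlist entry, the `.powerapps.com` suffix and the `example.test` sample origins are assumptions.

```javascript
// Constructed stand-in for the prefix-style pattern the post describes;
// this is NOT the SDK's actual regex.
const PREFIX_RE = /^https:\/\/app\.powerapps\.com/; // no end anchor

// Assumptions: exact allowlist entry and trusted parent domain.
const ALLOWED_ORIGINS = new Set(["https://apps.powerapps.com"]);
const TRUSTED_SUFFIX = ".powerapps.com";

function weakOriginCheck(origin) {
  return PREFIX_RE.test(origin);
}

function strictOriginCheck(origin) {
  if (typeof origin !== "string") return false;
  if (ALLOWED_ORIGINS.has(origin)) return true;
  let url;
  try { url = new URL(origin); } catch { return false; } // e.g. "null"
  // A real event.origin is a bare scheme://host[:port]; reject anything
  // that changes when re-serialized (userinfo, path, odd casing).
  if (url.origin !== origin) return false;
  // Fallback compares the parsed hostname, so trailing labels cannot match.
  return url.protocol === "https:" && url.port === "" &&
    url.hostname.endsWith(TRUSTED_SUFFIX);
}

// Wrap a handler so untrusted messages are dropped before any processing.
function guardMessages(onTrusted) {
  return (event) => {
    if (!strictOriginCheck(event.origin)) return false;
    onTrusted(event.data, event.origin);
    return true;
  };
}
// Browser usage: window.addEventListener("message", guardMessages(handle));

// Constructed test origins (example.test is a reserved placeholder domain).
const SAMPLE_ORIGINS = [
  "https://app.powerapps.com",
  "https://apps.powerapps.com",
  "https://app.powerapps.com.example.test",
  "https://app.powerapps.community.example.test",
  "null",
];

function compareChecks(origins = SAMPLE_ORIGINS) {
  return origins.map((o) => ({
    origin: o, weak: weakOriginCheck(o), strict: strictOriginCheck(o),
  }));
}

console.table(compareChecks());
```

The suffix fallback trusts every host under the assumed parent domain; dropping it and keeping only the exact allowlist is the narrower option.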
