fix(security): Add secretToken to mediator commands (!222) · Merge requests · GitLab.org / gitlab-web-ide · GitLab

Paul Slaughter requested to merge gitlab-org/security/gitlab-web-ide:security-0.0.1-dev-20230713160749 into main Aug 02, 2023

Description

This MR ports the changes over from the security branch security-0.0.1-dev-20230713160749.

Original description

This prevents XSS by using a runtime generated secret token to communicate with the mediator
It does not solve the problem that mediator commands are available to other extensions. That will be solves in this issue.