From 146e6665c8e21548b20626882f08acfa5ad51cb7 Mon Sep 17 00:00:00 2001
From: Pascal Birchler <swissspidy@git.wordpress.org>
Date: Tue, 5 Jul 2016 16:15:04 +0000
Subject: [PATCH] Update/Install: Reject invalid messages in the Shiny Updates
 `postMessage` handler.

This prevents conflicts with third-party messages (e.g. sent by browser extensions). The updates script expects a specific JSON-encoded message and now bails early if it's not valid JSON.

Fixes #37125.

git-svn-id: https://develop.svn.wordpress.org/trunk@37976 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/js/updates.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/wp-admin/js/updates.js b/src/wp-admin/js/updates.js
index 70193421bd..c97c0bb901 100644
--- a/src/wp-admin/js/updates.js
+++ b/src/wp-admin/js/updates.js
@@ -2144,7 +2144,11 @@
 				return;
 			}
 
-			message = $.parseJSON( originalEvent.data );
+			try {
+				message = $.parseJSON( originalEvent.data );
+			} catch ( e ) {
+				return;
+			}
 
 			if ( 'undefined' === typeof message.action ) {
 				return;