fix xss issue reported by @realansgar, regression from 3dade6117628beb7706b4abdc61c268ce281abbc

plugin/notes/speaker-view.html

@@ -383,6 +383,13 @@
 
 				window.addEventListener( 'message', function( event ) {
 
+					// Validate the origin of all messages to avoid parsing messages
+					// that aren't meant for us. Ignore when running off file:// so
+					// that the speaker view continues to work without a web server.
+					if( window.location.origin !== event.origin && window.location.origin !== 'file://' ) {
+						return
+					}
+
 					clearTimeout( connectionTimeout );
 					connectionStatus.style.display = 'none';