13d952dc9d
Add `e.source !== window` check to both content script and main-world script message handlers, preventing iframes from injecting or intercepting extension bridge messages.