diff --git a/packages/client/iframes/monaco/index.ts b/packages/client/iframes/monaco/index.ts
index de7503d04a..c946b19d1e 100644
--- a/packages/client/iframes/monaco/index.ts
+++ b/packages/client/iframes/monaco/index.ts
@@ -135,6 +135,8 @@ async function start() {
 window.addEventListener('message', (payload) => {
   if (payload.source === window)
     return
+  if (payload.origin !== location.origin)
+    return
   if (typeof payload.data !== 'string')
     return
   const { type, data } = JSON.parse(payload.data)