diff --git a/docs/public/wasm/compiler-worker.js b/docs/public/wasm/compiler-worker.js
index 5d9349a151c..d244af4fb72 100644
--- a/docs/public/wasm/compiler-worker.js
+++ b/docs/public/wasm/compiler-worker.js
@@ -85,6 +85,12 @@
 * Handle incoming messages from the main thread.
 */
 self.onmessage = async function (event) {
+ // Only accept messages from the same origin (or the dedicated-worker
+ // empty-string origin) to prevent cross-origin attacks.
+ if (event.origin && event.origin !== self.location.origin) {
+ return;
+ }
+
 var msg = event.data;
 if (msg.type !== 'compile') {
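Review bot: The added origin guard in `self.onmessage` filters nothing when this file runs as a dedicated worker, because messages delivered through `worker.postMessage()` carry an empty `event.origin` and the `event.origin &&` test lets every such message through. The comment therefore overstates the protection; wording such as `// Defence in depth only: dedicated-worker messages have an empty origin, so this check never rejects them.` would describe it accurately. What actually bounds the input to this handler is payload validation, and the following line still dereferences `msg.type` without confirming that `event.data` is an object, so a guard like `if (!msg || typeof msg !== 'object' || msg.type !== 'compile') {` would be the more useful hardening. The handler body continues outside the hunk, so any validation done later is not visible here.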