2017-04-26 17:44:16 +00:00
|
|
|
<html>
|
|
|
|
<body>
|
|
|
|
<script type="text/javascript" charset="utf-8">
|
2023-06-15 14:42:27 +00:00
|
|
|
const url = require('node:url')
|
2021-04-21 17:55:17 +00:00
|
|
|
function tryPostMessage(...args) {
|
|
|
|
try {
|
|
|
|
window.opener.postMessage(...args)
|
|
|
|
} catch (e) {
|
|
|
|
console.error(e)
|
|
|
|
}
|
|
|
|
}
|
2017-04-26 17:44:16 +00:00
|
|
|
if (url.parse(window.location.href, true).query.opened != null) {
|
2017-04-26 17:55:38 +00:00
|
|
|
// Ensure origins are properly checked by removing a single character from the end
|
2021-04-21 17:55:17 +00:00
|
|
|
tryPostMessage('do not deliver substring origin', window.location.origin.substring(0, window.location.origin.length - 1))
|
|
|
|
tryPostMessage('do not deliver file://', 'file://')
|
|
|
|
tryPostMessage('do not deliver http without port', 'http://127.0.0.1')
|
|
|
|
tryPostMessage('do not deliver atom', 'atom://')
|
|
|
|
tryPostMessage('do not deliver null', 'null')
|
|
|
|
tryPostMessage('do not deliver \\:/', '\\:/')
|
|
|
|
tryPostMessage('do not deliver empty', '')
|
2017-04-26 18:03:11 +00:00
|
|
|
window.opener.postMessage('deliver', window.location.origin)
|
2017-04-26 17:44:16 +00:00
|
|
|
} else {
|
2021-04-21 17:55:17 +00:00
|
|
|
const opened = window.open(`${window.location.href}?opened=true`, '', 'show=no,contextIsolation=no,nodeIntegration=yes')
|
2017-04-26 17:44:16 +00:00
|
|
|
window.addEventListener('message', function (event) {
|
|
|
|
window.opener.postMessage(event.data, '*')
|
|
|
|
opened.close()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
</script>
|
|
|
|
</body>
|
|
|
|
</html>
|