Add more non-matching target origins

This commit is contained in:
Kevin Sawicki 2017-04-26 11:03:11 -07:00
parent efc62629ef
commit 56a4a69dee
2 changed files with 10 additions and 4 deletions

View file

@ -645,7 +645,7 @@ describe('chromium feature', function () {
listener = function (event) {
window.removeEventListener('message', listener)
b.close()
assert.equal(event.data, 'second message')
assert.equal(event.data, 'deliver')
done()
}
window.addEventListener('message', listener)

View file

@ -4,10 +4,16 @@
const url = require('url')
if (url.parse(window.location.href, true).query.opened != null) {
// Ensure origins are properly checked by removing a single character from the end
window.opener.postMessage('first message', window.location.origin.substring(0, window.location.origin.length - 1))
window.opener.postMessage('second message', window.location.origin)
window.opener.postMessage('do not deliver substring origin', window.location.origin.substring(0, window.location.origin.length - 1))
window.opener.postMessage('do not deliver file://', 'file://')
window.opener.postMessage('do not deliver http without port', 'http://127.0.0.1')
window.opener.postMessage('do not deliver atom', 'atom://')
window.opener.postMessage('do not deliver null', 'null')
window.opener.postMessage('do not deliver \\:/', '\\:/')
window.opener.postMessage('do not deliver empty', '')
window.opener.postMessage('deliver', window.location.origin)
} else {
const opened = window.open(`${window.location.href}?opened=true`)
const opened = window.open(`${window.location.href}?opened=true`, '', 'show=no')
window.addEventListener('message', function (event) {
window.opener.postMessage(event.data, '*')
opened.close()