mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

Add more non-matching target origins

Browse source
This commit is contained in:
Kevin Sawicki 2017-04-26 11:03:11 -07:00
parent efc62629ef
commit 56a4a69dee
2 changed files with 10 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
spec/chromium-spec.js
View file

@ -645,7 +645,7 @@ describe('chromium feature', function () {
listener = function (event) { listener = function (event) {
window.removeEventListener('message', listener) window.removeEventListener('message', listener)
b.close() b.close()
assert.equal(event.data, 'second message') assert.equal(event.data, 'deliver')
done() done()
} }
window.addEventListener('message', listener) window.addEventListener('message', listener)

12
spec/fixtures/pages/window-opener-targetOrigin.html vendored
View file

@ -4,10 +4,16 @@
const url = require('url') const url = require('url')
if (url.parse(window.location.href, true).query.opened != null) { if (url.parse(window.location.href, true).query.opened != null) {
// Ensure origins are properly checked by removing a single character from the end // Ensure origins are properly checked by removing a single character from the end
window.opener.postMessage('first message', window.location.origin.substring(0, window.location.origin.length - 1)) window.opener.postMessage('do not deliver substring origin', window.location.origin.substring(0, window.location.origin.length - 1))
window.opener.postMessage('second message', window.location.origin) window.opener.postMessage('do not deliver file://', 'file://')
window.opener.postMessage('do not deliver http without port', 'http://127.0.0.1')
window.opener.postMessage('do not deliver atom', 'atom://')
window.opener.postMessage('do not deliver null', 'null')
window.opener.postMessage('do not deliver \\:/', '\\:/')
window.opener.postMessage('do not deliver empty', '')
window.opener.postMessage('deliver', window.location.origin)
} else { } else {
const opened = window.open(`${window.location.href}?opened=true`) const opened = window.open(`${window.location.href}?opened=true`, '', 'show=no')
window.addEventListener('message', function (event) { window.addEventListener('message', function (event) {
window.opener.postMessage(event.data, '*') window.opener.postMessage(event.data, '*')
opened.close() opened.close()