From afd736d9f91a3032dd46d47b20da76e0c419ae84 Mon Sep 17 00:00:00 2001 From: Kevin Sawicki Date: Thu, 10 Dec 2015 15:51:15 -0800 Subject: [PATCH 1/3] Guard against null guest or embedder Uncaught exceptions would occur when these were null and the target origin was '*' --- atom/browser/lib/guest-window-manager.coffee | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/atom/browser/lib/guest-window-manager.coffee b/atom/browser/lib/guest-window-manager.coffee index 53bbb735b044..763162a5de5f 100644 --- a/atom/browser/lib/guest-window-manager.coffee +++ b/atom/browser/lib/guest-window-manager.coffee @@ -76,12 +76,12 @@ ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_METHOD', (event, guestId, met ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_POSTMESSAGE', (event, guestId, message, targetOrigin) -> guestContents = BrowserWindow.fromId(guestId)?.webContents if guestContents?.getURL().indexOf(targetOrigin) is 0 or targetOrigin is '*' - guestContents.send 'ATOM_SHELL_GUEST_WINDOW_POSTMESSAGE', guestId, message, targetOrigin + guestContents?.send 'ATOM_SHELL_GUEST_WINDOW_POSTMESSAGE', guestId, message, targetOrigin ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_OPENER_POSTMESSAGE', (event, guestId, message, targetOrigin, sourceOrigin) -> embedder = v8Util.getHiddenValue event.sender, 'embedder' if embedder?.getURL().indexOf(targetOrigin) is 0 or targetOrigin is '*' - embedder.send 'ATOM_SHELL_GUEST_WINDOW_POSTMESSAGE', guestId, message, sourceOrigin + embedder?.send 'ATOM_SHELL_GUEST_WINDOW_POSTMESSAGE', guestId, message, sourceOrigin ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', (event, guestId, method, args...) -> BrowserWindow.fromId(guestId)?.webContents?[method] args... From 2cb752e3deb95bcdb84eac449b5943428f8501b4 Mon Sep 17 00:00:00 2001 From: Kevin Sawicki Date: Thu, 10 Dec 2015 16:49:23 -0800 Subject: [PATCH 2/3] Add failing spec for event origin --- spec/chromium-spec.coffee | 13 +++++++++++++ spec/fixtures/pages/window-open-postMessage.html | 9 +++++++++ 2 files changed, 22 insertions(+) create mode 100644 spec/fixtures/pages/window-open-postMessage.html diff --git a/spec/chromium-spec.coffee b/spec/chromium-spec.coffee index 211de346846b..2b768f670b14 100644 --- a/spec/chromium-spec.coffee +++ b/spec/chromium-spec.coffee @@ -115,6 +115,19 @@ describe 'chromium feature', -> window.addEventListener 'message', listener b = window.open url, '', 'show=no' + describe 'window.postMessage', -> + it 'sets the origin correctly', (done) -> + listener = (event) -> + window.removeEventListener 'message', listener + b.close() + assert.equal event.data, 'file://testing' + assert.equal event.origin, 'file://' + done() + window.addEventListener 'message', listener + b = window.open "file://#{fixtures}/pages/window-open-postMessage.html", '', 'show=no' + BrowserWindow.fromId(b.guestId).webContents.once 'did-finish-load', -> + b.postMessage('testing', '*') + describe 'window.opener.postMessage', -> it 'sets source and origin correctly', (done) -> listener = (event) -> diff --git a/spec/fixtures/pages/window-open-postMessage.html b/spec/fixtures/pages/window-open-postMessage.html new file mode 100644 index 000000000000..e547fa2a6090 --- /dev/null +++ b/spec/fixtures/pages/window-open-postMessage.html @@ -0,0 +1,9 @@ + + + + + From 9bc7c62588bc831c1779c0ed61290f2a3e8c7707 Mon Sep 17 00:00:00 2001 From: Kevin Sawicki Date: Thu, 10 Dec 2015 16:52:39 -0800 Subject: [PATCH 3/3] Use source origin in window.postMessage event --- atom/browser/lib/guest-window-manager.coffee | 4 ++-- atom/renderer/lib/override.coffee | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/atom/browser/lib/guest-window-manager.coffee b/atom/browser/lib/guest-window-manager.coffee index 763162a5de5f..9ed75c225f54 100644 --- a/atom/browser/lib/guest-window-manager.coffee +++ b/atom/browser/lib/guest-window-manager.coffee @@ -73,10 +73,10 @@ ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_CLOSE', (event, guestId) -> ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_METHOD', (event, guestId, method, args...) -> BrowserWindow.fromId(guestId)?[method] args... -ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_POSTMESSAGE', (event, guestId, message, targetOrigin) -> +ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_POSTMESSAGE', (event, guestId, message, targetOrigin, sourceOrigin) -> guestContents = BrowserWindow.fromId(guestId)?.webContents if guestContents?.getURL().indexOf(targetOrigin) is 0 or targetOrigin is '*' - guestContents?.send 'ATOM_SHELL_GUEST_WINDOW_POSTMESSAGE', guestId, message, targetOrigin + guestContents?.send 'ATOM_SHELL_GUEST_WINDOW_POSTMESSAGE', guestId, message, sourceOrigin ipcMain.on 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_OPENER_POSTMESSAGE', (event, guestId, message, targetOrigin, sourceOrigin) -> embedder = v8Util.getHiddenValue event.sender, 'embedder' diff --git a/atom/renderer/lib/override.coffee b/atom/renderer/lib/override.coffee index cb4fb8fbac2d..9da84fb9a421 100644 --- a/atom/renderer/lib/override.coffee +++ b/atom/renderer/lib/override.coffee @@ -23,7 +23,7 @@ class BrowserWindowProxy ipcRenderer.send 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_METHOD', @guestId, 'blur' postMessage: (message, targetOrigin='*') -> - ipcRenderer.send 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_POSTMESSAGE', @guestId, message, targetOrigin + ipcRenderer.send 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WINDOW_POSTMESSAGE', @guestId, message, targetOrigin, location.origin eval: (args...) -> ipcRenderer.send 'ATOM_SHELL_GUEST_WINDOW_MANAGER_WEB_CONTENTS_METHOD', @guestId, 'executeJavaScript', args...