<!DOCTYPE html>
<html>
<head>
  <title>postMessage message receiver</title>
  <script type="application/javascript" src="browserFu.js"></script>
  <script type="application/javascript">
    function $(id) { return document.getElementById(id); }

    function setup()
    {
      var target = $("domain");
      target.textContent = location.hostname + ":" + (location.port || 80);
    }

    function receiveMessage(evt)
    {
      var response = evt.data + "-response";

      if (evt.lastEventId !== "")
        response += " wrong-lastEventId(" + evt.lastEventId + ")";

      if (evt.source !== window.parent)
      {
        response += " unexpected-source(" + evt.source + ")";
        response += " window-parent-is(" + window.parent + ")";
        response += " location(" + window.location.href + ")";
      }

      if (isMozilla)
      {
        if (evt.isTrusted !== false)
          response += " unexpected-trusted";
      }

      if (evt.type != "message")
        response += " wrong-type(" + evt.type + ")";

      var data = evt.data;
      if (data == "post-to-other-same-domain")
      {
        receiveSame(evt, response);
      }
      else if (data == "post-to-other-cross-domain")
      {
        receiveCross(evt, response);
      }
      else
      {
        response += " unexpected-message-to(" + window.location.href + ")";
        window.parent.postMessage(response, "http://mochi.test:8888");
        return;
      }
    }

    function receiveSame(evt, response)
    {
      var source = evt.source;
      try
      {
        if (evt.origin != "http://mochi.test:8888")
          response += " unexpected-origin(" + evt.origin + ")";
          
        try
        {
          var threw = false;
          var privateVariable = source.privateVariable;
        }
        catch (e)
        {
          threw = true;
        }
        if (threw || privateVariable !== window.parent.privateVariable)
          response += " accessed-source!!!";
  
      }
      finally
      {
        source.postMessage(response, evt.origin);
      }
    }

    function receiveCross(evt, response)
    {
      var source = evt.source;
      if (evt.origin != "http://mochi.test:8888")
        response += " unexpected-origin(" + evt.origin + ")";
        
      try
      {
        var threw = false;
        var privateVariable = source.privateVariable;
      }
      catch (e)
      {
        threw = true;
      }
      if (!threw || privateVariable !== undefined)
        response += " accessed-source!!!";

      source.postMessage(response, evt.origin);
    }

    window.addEventListener("load", setup, false);
    window.addEventListener("message", receiveMessage, false);
  </script>
</head>
<body>
<h1 id="domain"></h1>
</body>
</html>