summaryrefslogtreecommitdiffstats
path: root/dom/tests/mochitest/whatwg/postMessage_helper.html
blob: 86e34e9d4a83bca339bd7c11c02bb37f42970c82 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
<!DOCTYPE html>
<html>
<head>
  <title>postMessage message receiver</title>
  <script type="application/javascript" src="browserFu.js"></script>
  <script type="application/javascript">
    function $(id) { return document.getElementById(id); }

    function setup()
    {
      var target = $("domain");
      target.textContent = location.hostname + ":" + (location.port || 80);
    }

    function receiveMessage(evt)
    {
      var response = evt.data + "-response";

      if (evt.lastEventId !== "")
        response += " wrong-lastEventId(" + evt.lastEventId + ")";

      if (evt.source !== window.parent)
      {
        response += " unexpected-source(" + evt.source + ")";
        response += " window-parent-is(" + window.parent + ")";
        response += " location(" + window.location.href + ")";
      }

      if (isMozilla)
      {
        if (evt.isTrusted !== false)
          response += " unexpected-trusted";
      }

      if (evt.type != "message")
        response += " wrong-type(" + evt.type + ")";

      var data = evt.data;
      if (data == "post-to-other-same-domain")
      {
        receiveSame(evt, response);
      }
      else if (data == "post-to-other-cross-domain")
      {
        receiveCross(evt, response);
      }
      else
      {
        response += " unexpected-message-to(" + window.location.href + ")";
        window.parent.postMessage(response, "http://mochi.test:8888");
        return;
      }
    }

    function receiveSame(evt, response)
    {
      var source = evt.source;
      try
      {
        if (evt.origin != "http://mochi.test:8888")
          response += " unexpected-origin(" + evt.origin + ")";
          
        try
        {
          var threw = false;
          var privateVariable = source.privateVariable;
        }
        catch (e)
        {
          threw = true;
        }
        if (threw || privateVariable !== window.parent.privateVariable)
          response += " accessed-source!!!";
  
      }
      finally
      {
        source.postMessage(response, evt.origin);
      }
    }

    function receiveCross(evt, response)
    {
      var source = evt.source;
      if (evt.origin != "http://mochi.test:8888")
        response += " unexpected-origin(" + evt.origin + ")";
        
      try
      {
        var threw = false;
        var privateVariable = source.privateVariable;
      }
      catch (e)
      {
        threw = true;
      }
      if (!threw || privateVariable !== undefined)
        response += " accessed-source!!!";

      source.postMessage(response, evt.origin);
    }

    window.addEventListener("load", setup, false);
    window.addEventListener("message", receiveMessage, false);
  </script>
</head>
<body>
<h1 id="domain"></h1>
</body>
</html>