tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

postMessage_helper.html (2543B)

      1 <!DOCTYPE html>
      2 <html>
      3 <head>
      4  <title>postMessage message receiver</title>
      5  <script type="application/javascript">
      6    function $(id) { return document.getElementById(id); }
      7 
      8    function setup()
      9    {
     10      var target = $("domain");
     11      target.textContent = location.hostname + ":" + (location.port || 80);
     12    }
     13 
     14    function receiveMessage(evt)
     15    {
     16      var response = evt.data + "-response";
     17 
     18      if (evt.lastEventId !== "")
     19        response += " wrong-lastEventId(" + evt.lastEventId + ")";
     20 
     21      if (evt.source !== window.parent)
     22      {
     23        response += " unexpected-source(" + evt.source + ")";
     24        response += " window-parent-is(" + window.parent + ")";
     25        response += " location(" + window.location.href + ")";
     26      }
     27 
     28      if (evt.type != "message")
     29        response += " wrong-type(" + evt.type + ")";
     30 
     31      var data = evt.data;
     32      if (data == "post-to-other-same-domain")
     33      {
     34        receiveSame(evt, response);
     35      }
     36      else if (data == "post-to-other-cross-domain")
     37      {
     38        receiveCross(evt, response);
     39      }
     40      else
     41      {
     42        response += " unexpected-message-to(" + window.location.href + ")";
     43        window.parent.postMessage(response, "http://mochi.test:8888");
     44      }
     45    }
     46 
     47    function receiveSame(evt, response)
     48    {
     49      var source = evt.source;
     50      try
     51      {
     52        if (evt.origin != "http://mochi.test:8888")
     53          response += " unexpected-origin(" + evt.origin + ")";
     54          
     55        try
     56        {
     57          var threw = false;
     58          var privateVariable = source.privateVariable;
     59        }
     60        catch (e)
     61        {
     62          threw = true;
     63        }
     64        if (threw || privateVariable !== window.parent.privateVariable)
     65          response += " accessed-source!!!";
     66  
     67      }
     68      finally
     69      {
     70        source.postMessage(response, evt.origin);
     71      }
     72    }
     73 
     74    function receiveCross(evt, response)
     75    {
     76      var source = evt.source;
     77      if (evt.origin != "http://mochi.test:8888")
     78        response += " unexpected-origin(" + evt.origin + ")";
     79        
     80      try
     81      {
     82        var threw = false;
     83        var privateVariable = source.privateVariable;
     84      }
     85      catch (e)
     86      {
     87        threw = true;
     88      }
     89      if (!threw || privateVariable !== undefined)
     90        response += " accessed-source!!!";
     91 
     92      source.postMessage(response, evt.origin);
     93    }
     94 
     95    window.addEventListener("load", setup);
     96    window.addEventListener("message", receiveMessage);
     97  </script>
     98 </head>
     99 <body>
    100 <h1 id="domain"></h1>
    101 </body>
    102 </html>