path: root/chrome/renderer/external_host_bindings.cc
authortommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-07-15 20:03:50 +0000
committertommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-07-15 20:03:50 +0000
commit6ed457ea80358fdb4d0d6901cf80568b23eae2f8 (patch)
treebe96f4b7df9749d5359a6c1e42894f69fb1ec0bc /chrome/renderer/external_host_bindings.cc
parent2b56832683197686038bcbf7b1ef662e9a41268a (diff)
downloadchromium_src-6ed457ea80358fdb4d0d6901cf80568b23eae2f8.zip
chromium_src-6ed457ea80358fdb4d0d6901cf80568b23eae2f8.tar.gz
chromium_src-6ed457ea80358fdb4d0d6901cf80568b23eae2f8.tar.bz2
Adding handling of target and origin in external tab's postMessage + a unit test.
TEST=run ExternalTabPostMessageTarget test. BUG=none Review URL: http://codereview.chromium.org/155516 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20775 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/renderer/external_host_bindings.cc')
-rw-r--r--chrome/renderer/external_host_bindings.cc37
1 files changed, 31 insertions, 6 deletions
diff --git a/chrome/renderer/external_host_bindings.cc b/chrome/renderer/external_host_bindings.cc
index 09c8e78..108ee34 100644
--- a/chrome/renderer/external_host_bindings.cc
+++ b/chrome/renderer/external_host_bindings.cc
@@ -28,6 +28,15 @@ void ExternalHostBindings::postMessage(
std::string target;
if (args.size() >= 2 && args[1].isString()) {
target = args[1].ToString();
+ if (target.compare("*") != 0) {
+ GURL resolved(target);
+ if (!resolved.is_valid()) {
+ DLOG(WARNING) << "Unable to parse the specified target URL. " << target;
+ result->Set(false);
+ return;
+ }
+ target = resolved.spec();
+ }
} else {
target = "*";
}
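Review bot: `target = resolved.spec();` forwards the whole canonical URL (path, query and fragment included) to the external host, although a postMessage target only has meaning as an origin. Nothing in this hunk says which side reduces it, so I would state that at the assignment, e.g. `// Canonical spelling only; the receiver must reduce this to an origin before comparing.` The check also runs inside the renderer, so the host-side handler (not visible here) should presumably parse the target itself rather than assume it arrives validated. postMessage's body starts and ends outside the hunk.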
@@ -54,13 +63,29 @@ bool ExternalHostBindings::ForwardMessageFromExternalHost(
bool status = false;
- // TODO(tommi): Do the appropriate target check and drop the event if
- // the target doesn't match the url of the current document.
- // See: http://dev.w3.org/html5/spec/Overview.html#posting-messages
if (target.compare("*") != 0) {
- DLOG(WARNING) << "Dropping posted message since the target wasn't '*' "
- "and we haven't implemented parsing of the target param";
- return false;
+ GURL frame_url(frame_->GetURL());
+ GURL frame_origin(frame_url.GetOrigin());
+ GURL target_origin(GURL(target).GetOrigin());
+
+ // We want to compare the origins of the two URLs but first
+ // we need to make sure that we don't compare an invalid one
+ // to a valid one.
+ bool drop = (frame_origin.is_valid() != target_origin.is_valid());
+
+ if (!drop) {
+ if (!frame_origin.is_valid()) {
+ // Both origins are invalid, so compare the URLs as opaque strings.
+ drop = (frame_url.spec().compare(target) != 0);
+ } else {
+ drop = (frame_origin != target_origin);
+ }
+ }
+
+ if (drop) {
+ DLOG(WARNING) << "Dropping posted message. Origins don't match";
+ return false;
+ }
}
// Construct an event object, assign the origin to the origin member and
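Review bot: The both-invalid branch, `drop = (frame_url.spec().compare(target) != 0);`, lets a non-`*` target match a frame whose URL has no usable origin, purely on string equality of the URL. If GetOrigin() comes back invalid for documents such as `about:blank` or `data:` URLs, as I would expect, a message addressed to that literal URL is delivered to any such frame regardless of who created it, whereas those documents are normally treated as having no matchable origin. Failing closed is simpler: `bool drop = !frame_origin.is_valid() || !target_origin.is_valid() || frame_origin != target_origin;`. If the fallback is kept, note that it compares a canonicalized spec against the raw `target` string, and the new unit test should cover the no-origin case. ForwardMessageFromExternalHost continues outside the hunk.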