From 6ed457ea80358fdb4d0d6901cf80568b23eae2f8 Mon Sep 17 00:00:00 2001
From: "tommi@chromium.org"
 <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed, 15 Jul 2009 20:03:50 +0000
Subject: Adding handling of target and origin in external tab's postMessage +
 a unit test.

TEST=run ExternalTabPostMessageTarget test.
BUG=none

Review URL: http://codereview.chromium.org/155516

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20775 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/renderer/external_host_bindings.cc | 37 ++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 6 deletions(-)

(limited to 'chrome/renderer/external_host_bindings.cc')

diff --git a/chrome/renderer/external_host_bindings.cc b/chrome/renderer/external_host_bindings.cc
index 09c8e78..108ee34 100644
--- a/chrome/renderer/external_host_bindings.cc
+++ b/chrome/renderer/external_host_bindings.cc
@@ -28,6 +28,15 @@ void ExternalHostBindings::postMessage(
   std::string target;
   if (args.size() >= 2 && args[1].isString()) {
     target = args[1].ToString();
+    if (target.compare("*") != 0) {
+      GURL resolved(target);
+      if (!resolved.is_valid()) {
+        DLOG(WARNING) << "Unable to parse the specified target URL. " << target;
+        result->Set(false);
+        return;
+      }
+      target = resolved.spec();
+    }
   } else {
     target = "*";
   }
@@ -54,13 +63,29 @@ bool ExternalHostBindings::ForwardMessageFromExternalHost(
 
   bool status = false;
 
-  // TODO(tommi): Do the appropriate target check and drop the event if
-  //  the target doesn't match the url of the current document.
-  //  See: http://dev.w3.org/html5/spec/Overview.html#posting-messages
   if (target.compare("*") != 0) {
-    DLOG(WARNING) << "Dropping posted message since the target wasn't '*' "
-                     "and we haven't implemented parsing of the target param";
-    return false;
+    GURL frame_url(frame_->GetURL());
+    GURL frame_origin(frame_url.GetOrigin());
+    GURL target_origin(GURL(target).GetOrigin());
+
+    // We want to compare the origins of the two URLs but first
+    // we need to make sure that we don't compare an invalid one
+    // to a valid one.
+    bool drop = (frame_origin.is_valid() != target_origin.is_valid());
+
+    if (!drop) {
+      if (!frame_origin.is_valid()) {
+        // Both origins are invalid, so compare the URLs as opaque strings.
+        drop = (frame_url.spec().compare(target) != 0);
+      } else {
+        drop = (frame_origin != target_origin);
+      }
+    }
+
+    if (drop) {
+      DLOG(WARNING) << "Dropping posted message.  Origins don't match";
+      return false;
+    }
   }
 
   // Construct an event object, assign the origin to the origin member and
-- 
cgit v1.1