domain restriction validation added

commit fa0f244739c861c562bc487a9a9ae1fa56155f5b 1 parent edbab0f
@alejandrolechuga authored
Showing with 42 additions and 8 deletions.
  1. +42 −8 redCross.1.0.js
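--- a/redCross.1.0.js
+++ b/redCross.1.0.js
@@ -7,6 +7,8 @@
 // @todo add support for browsers without postMessage functionality
 // @todo set of tests
 // @todo test on different browser versions
+// @todo add wildcard for domain restrictions
+
 (function (global) {
 "use strict";
 var RedCross = {},
@@ -15,12 +17,24 @@
 postMessage = !!global.postMessage,
 supportsJSON = !!global.JSON,
 isParentWindow = global.parent === global,
- clientStack = [];
+ clientStack = [],
+ serverStack = [],
+ debugEnabled = false;
+
+ // Enables debugmode
+ // @param Boolean bool
+ // @return null
+ RedCross.enableDebug = function (bool) {
+ debugEnabled = bool;
+ };
 // Debuging function for messages
 // @param mixed data
 // @return null
 RedCross.trace = function (data) {
+ if (!debugEnabled) {
+ return;
+ }
 var output = "location [" + location.href + "] time [" + new Date().getTime() + "]";
 console.log(output);
 console.log(data);
@@ -112,10 +126,7 @@
 client.onResponse = args.onResponse;
 }
- RedCross.trace("Cliente Loaded ");
-
 RedCross.listenPostMessageFromClient();
-
 return client;
 };
@@ -127,7 +138,6 @@
 if (postMessage) {
 client.window.contentWindow.postMessage(packet, "*");
 }
- //HASH ALTERNATIVE
 };
 // Sends postMessage method
@@ -139,11 +149,13 @@
 // @param Object args {policy:[]} //allowed domains
 // @return Object Server
 RedCross.server = function (args) {
- RedCross.trace("Server Loaded");
+ var server = {};
 if (postMessage) {
 RedCross.listenPostMessageFromServer(args);
 }
- return {};
+ serverStack.policy = args.policy;
+ serverStack.push(server);
+ return server;
 };
 // Clear Clients or Servers
@@ -156,7 +168,13 @@
 // @return null
 RedCross.listenPostMessageFromServer = function (params) {
 RedCross.onMessageListener(function (event) {
- var data = JSON.parse(event.data);
+ var data;
+
+ if (!RedCross.validatePolicy(params.policy, event.origin)) {
+ return;
+ }
+
+ data = JSON.parse(event.data);
 if (params.onMessage) {
 var response = params.onMessage(data.message, data, event);
 if (response) {
@@ -170,6 +188,22 @@
 });
 };
+ // Validates domain restriction
+ // @param Array policies
+ // @param String origin
+ // @return Boolean
+ RedCross.validatePolicy = function (policies, origin) {
+ var i = policies.length;
+ while (i--) {
+ var restrictedDomain = RedCross.getDomainFromURL(policies[i]);
+ origin = RedCross.getDomainFromURL(origin);
+ if (restrictedDomain === origin) {
+ return true;
+ }
+ }
+ return false;
+ };
+
 // Listen post message from client
 // @param Object params
 // @return null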
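Review bot: validatePolicy in the last hunk reduces both the policy entry and event.origin to a domain before comparing, so scheme and port take no part in the check; if getDomainFromURL (defined outside this hunk) strips them as its name suggests, a policy entry of `https://example.com` would also admit messages from `http://example.com` or from any other port on that host. Since event.origin already carries the serialized origin (`scheme://host[:port]`), comparing it directly, `if (policies[i] === origin) { return true; }`, with the policy documented as a list of origins rather than domains, closes that gap and removes the per-iteration normalization. Independently, `origin = RedCross.getDomainFromURL(origin);` is recomputed and the parameter overwritten on every loop iteration; if the domain form is kept, hoist it to `var originDomain = RedCross.getDomainFromURL(origin);` before the `while`. In the RedCross.server hunk, `serverStack.policy = args.policy;` sets a property on the array rather than on the new `server` object, which looks unintended, and a missing `args.policy` makes `policies.length` throw inside the message handler — fail-closed, but `if (!policies) { return false; }` at the top of validatePolicy would make that deliberate.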