fix(responsible): Restrict error construction to known errors

Author: WilcoFiers

lib/core/utils/respondable.js

@@ -2,7 +2,9 @@
 (function (exports) {
 	'use strict';
 	var messages = {},
-		subscribers = {};
+		subscribers = {},
+		errorTypes = Object.freeze(['EvalError', 'RangeError', 'ReferenceError', 
+			'SyntaxError', 'TypeError', 'URIError']);
 
 	/**
 	 * get the unique string to be used to identify our instance of aXe
@@ -154,7 +156,8 @@
 	 */
 	function buildErrorObject(error) {
 		var msg = error.message || 'Unknown error occurred';
-		var ErrConstructor = window[error.name] || Error;
+		var errorName = errorTypes.includes(error.name) ? error.name : 'Error';
+		var ErrConstructor = window[errorName] || Error;
 
 		if (error.stack) {
 			msg += '\n' + error.stack.replace(error.message, '');

test/core/utils/respondable.js

@@ -332,6 +332,36 @@ describe('axe.utils.respondable', function () {
 		assert.isTrue(success);
 	});
 
+	it('should create an Error if an invalid error type is passed', function () {
+		var success = false;
+		var event = document.createEvent('Event');
+		window.evil = function () {};
+		// Define that the event name is 'build'.
+		event.initEvent('message', true, true);
+		event.data = JSON.stringify({
+			_respondable: true,
+			_source: 'axe.2.0.0',
+			topic: 'Death star',
+			error: {
+				name: 'evil',
+				message: 'The exhaust port is open!',
+				trail: '... boom'
+			},
+			uuid: mockUUID
+		});
+		event.source = window;
+
+		axe.utils.respondable(window, 'Death star', null, true, function (data) {
+			success = true;
+			assert.instanceOf(data, Error);
+			assert.equal(data.message, 'The exhaust port is open!');
+		});
+
+		document.dispatchEvent(event);
+		assert.isTrue(success);
+		window.evil = undefined;
+	});
+
 	it('uses respondable.isInFrame() to check if the page is in a frame or not', function() {
 		assert.equal(axe.utils.respondable.isInFrame(), !!window.frameElement);