Bug 1320039. r=kmag, r=wladimir, a=gchang
authorGijs Kruitbosch <gijskruitbosch@gmail.com>
Thu, 24 Nov 2016 11:21:05 +0000
changeset 352795 c1681c600fd11590ad9f48c0ac14ccceb63f7d6b
parent 352794 8a985f25512a475af1a53b7e4ff40407300d6e49
child 352796 a6c49cbc91512b8824ee33102ebb0a36d069984d
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
reviewerskmag, wladimir, gchang
bugs1320039
milestone52.0a2
Bug 1320039. r=kmag, r=wladimir, a=gchang MozReview-Commit-ID: Fsj4bG5e2gT
browser/extensions/pocket/content/main.js
--- a/browser/extensions/pocket/content/main.js
+++ b/browser/extensions/pocket/content/main.js
@@ -349,82 +349,87 @@ var pktUI = (function() {
         }
         iframe.setAttribute(didInitAttributeKey, 1);
 
         // When the panel is displayed it generated an event called
         // "show": we will listen for that event and when it happens,
         // send our own "show" event to the panel's script, so the
         // script can prepare the panel for display.
         var _showMessageId = "show";
-        pktUIMessaging.addMessageListener(_showMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _showMessageId, function(panelId, data) {
             // Let panel know that it is ready
             pktUIMessaging.sendMessageToPanel(panelId, _showMessageId);
         });
 
         // Open a new tab with a given url and activate if
         var _openTabWithUrlMessageId = "openTabWithUrl";
-        pktUIMessaging.addMessageListener(_openTabWithUrlMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _openTabWithUrlMessageId, function(panelId, data, contentPrincipal) {
+            try {
+              urlSecurityCheck(data.url, contentPrincipal, Services.scriptSecurityManager.DISALLOW_INHERIT_PRINCIPAL);
+            } catch (ex) {
+              return;
+            }
 
             // Check if the tab should become active after opening
             var activate = true;
             if (typeof data.activate !== "undefined") {
                 activate = data.activate;
             }
 
             var url = data.url;
             openTabWithUrl(url, activate);
             pktUIMessaging.sendResponseMessageToPanel(panelId, _openTabWithUrlMessageId, url);
         });
 
         // Close the panel
         var _closeMessageId = "close";
-        pktUIMessaging.addMessageListener(_closeMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _closeMessageId, function(panelId, data) {
             getPanel().hidePopup();
         });
 
         // Send the current url to the panel
         var _getCurrentURLMessageId = "getCurrentURL";
-        pktUIMessaging.addMessageListener(_getCurrentURLMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _getCurrentURLMessageId, function(panelId, data) {
             pktUIMessaging.sendResponseMessageToPanel(panelId, _getCurrentURLMessageId, getCurrentUrl());
         });
 
         var _resizePanelMessageId = "resizePanel";
-        pktUIMessaging.addMessageListener(_resizePanelMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _resizePanelMessageId, function(panelId, data) {
             resizePanel(data);
         });
 
         // Callback post initialization to tell background script that panel is "ready" for communication.
-        pktUIMessaging.addMessageListener("listenerReady", function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, "listenerReady", function(panelId, data) {
 
         });
 
-        pktUIMessaging.addMessageListener("collapseSavePanel", function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, "collapseSavePanel", function(panelId, data) {
             if (!pktApi.isPremiumUser() && !isInOverflowMenu())
                 resizePanel({width:savePanelWidth, height:savePanelHeights.collapsed});
         });
 
-        pktUIMessaging.addMessageListener("expandSavePanel", function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, "expandSavePanel", function(panelId, data) {
             if (!isInOverflowMenu())
                 resizePanel({width:savePanelWidth, height:savePanelHeights.expanded});
         });
 
         // Ask for recently accessed/used tags for auto complete
         var _getTagsMessageId = "getTags";
-        pktUIMessaging.addMessageListener(_getTagsMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _getTagsMessageId, function(panelId, data) {
             pktApi.getTags(function(tags, usedTags) {
                 pktUIMessaging.sendResponseMessageToPanel(panelId, _getTagsMessageId, {
                     tags: tags,
                     usedTags: usedTags
                 });
             });
         });
 
         // Ask for suggested tags based on passed url
         var _getSuggestedTagsMessageId = "getSuggestedTags";
-        pktUIMessaging.addMessageListener(_getSuggestedTagsMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _getSuggestedTagsMessageId, function(panelId, data) {
             pktApi.getSuggestedTagsForURL(data.url, {
                 success: function(data, response) {
                     var suggestedTags = data.suggested_tags;
                     var successResponse = {
                         status: "success",
                         value: {
                             suggestedTags: suggestedTags
                         }
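Review bot: The `catch (ex)` around `urlSecurityCheck` in the `openTabWithUrl` listener returns without logging or answering the panel, so a rejected URL looks the same as a lost message to both the panel and anyone debugging it. Consider `Components.utils.reportError(ex);` before the `return`, plus `pktUIMessaging.sendErrorResponseMessageToPanel(panelId, _openTabWithUrlMessageId, ex);` if the panel is expected to handle the failure. A short comment such as `// data.url comes from the panel document; only open it if that principal may load it and it cannot inherit a principal` would record why the check is there. `data.activate` is still forwarded to `openTabWithUrl` without a type check, and the `getSuggestedTags` listener at the end of the hunk is cut off, so its remainder is not reviewed here.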
@@ -434,44 +439,44 @@ var pktUI = (function() {
                 error: function(error, response) {
                     pktUIMessaging.sendErrorResponseMessageToPanel(panelId, _getSuggestedTagsMessageId, error);
                 }
             })
         });
 
         // Pass url and array list of tags, add to existing save item accordingly
         var _addTagsMessageId = "addTags";
-        pktUIMessaging.addMessageListener(_addTagsMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _addTagsMessageId, function(panelId, data) {
             pktApi.addTagsToURL(data.url, data.tags, {
                 success: function(data, response) {
                     var successResponse = {status: "success"};
                     pktUIMessaging.sendResponseMessageToPanel(panelId, _addTagsMessageId, successResponse);
                 },
                 error: function(error, response) {
                     pktUIMessaging.sendErrorResponseMessageToPanel(panelId, _addTagsMessageId, error);
                 }
             });
         });
 
         // Based on clicking "remove page" CTA, and passed unique item id, remove the item
         var _deleteItemMessageId = "deleteItem";
-        pktUIMessaging.addMessageListener(_deleteItemMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _deleteItemMessageId, function(panelId, data) {
             pktApi.deleteItem(data.itemId, {
                 success: function(data, response) {
                     var successResponse = {status: "success"};
                     pktUIMessaging.sendResponseMessageToPanel(panelId, _deleteItemMessageId, successResponse);
                 },
                 error: function(error, response) {
                     pktUIMessaging.sendErrorResponseMessageToPanel(panelId, _deleteItemMessageId, error);
                 }
             })
         });
 
         var _initL10NMessageId = "initL10N";
-        pktUIMessaging.addMessageListener(_initL10NMessageId, function(panelId, data) {
+        pktUIMessaging.addMessageListener(iframe, _initL10NMessageId, function(panelId, data) {
             var strings = {};
             var bundle = Services.strings.createBundle("chrome://pocket/locale/pocket.properties");
             var e = bundle.getSimpleEnumeration();
             while (e.hasMoreElements()) {
                 var str = e.getNext().QueryInterface(Components.interfaces.nsIPropertyElement);
                 if (str.key in data) {
                     strings[str.key] = bundle.formatStringFromName(str.key, data[str.key], data[str.key].length);
                 } else {
@@ -602,44 +607,37 @@ var pktUIMessaging = (function() {
      */
     function prefixedMessageId(messageId) {
         return 'PKT_' + messageId;
     }
 
     /**
      * Register a listener and callback for a specific messageId
      */
-    function addMessageListener(messageId, callback) {
-        document.addEventListener(prefixedMessageId(messageId), function(e) {
+    function addMessageListener(iframe, messageId, callback) {
+        iframe.addEventListener(prefixedMessageId(messageId), function(e) {
+            var nodePrincipal = e.target.nodePrincipal;
             // ignore to ensure we do not pick up other events in the browser
-            if (e.target.tagName !== 'PKTMESSAGEFROMPANELELEMENT') {
+            if (!nodePrincipal || !nodePrincipal.URI || !nodePrincipal.URI.spec.startsWith("about:pocket")) {
                 return;
             }
 
             // Pass in information to callback
             var payload = JSON.parse(e.target.getAttribute("payload"))[0];
             var panelId = payload.panelId;
             var data = payload.data;
-            callback(panelId, data);
+            callback(panelId, data, nodePrincipal);
 
             // Cleanup the element
             e.target.parentNode.removeChild(e.target);
 
         }, false, true);
     }
 
     /**
-     * Remove a message listener
-     */
-    function removeMessageListener(messageId, callback) {
-        document.removeEventListener(prefixedMessageId(messageId), callback);
-    }
-
-
-    /**
      * Send a message to the panel's iframe
      */
     function sendMessageToPanel(panelId, messageId, payload) {
 
         if (!isPanelIdValid(panelId)) { return; }
 
         var panelFrame = pktUI.getPanelFrame();
         if (!isPocketPanelFrameValid(panelFrame)) { return; }
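Review bot: The principal gate in `addMessageListener` is a prefix match, `nodePrincipal.URI.spec.startsWith("about:pocket")`, so it accepts any URI that merely begins with that string; if the set of panel pages is fixed, an exact comparison against that set would be tighter. The listener is registered with a fourth argument of `true`, which presumably admits untrusted events, so this check looks like the only barrier between content and the privileged callbacks. The existing comment understates that, and something like `// untrusted events are accepted here, so only honour targets whose document principal is an about:pocket page` would say it plainly. Separately, `JSON.parse(e.target.getAttribute("payload"))[0]` can throw on a malformed payload, which skips the `removeChild` cleanup, and the early `return` on a failed principal check also leaves the message element in the document.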
@@ -726,15 +724,14 @@ var pktUIMessaging = (function() {
         return true;
     }
 
     /**
      * Public
      */
     return {
         addMessageListener: addMessageListener,
-        removeMessageListener: removeMessageListener,
         sendMessageToPanel: sendMessageToPanel,
         sendResponseMessageToPanel: sendResponseMessageToPanel,
         sendErrorMessageToPanel: sendErrorMessageToPanel,
         sendErrorResponseMessageToPanel: sendErrorResponseMessageToPanel
     }
 }());