1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
let jsURL =
"javascript:" +
escape(
'window.parent.postMessage("JS uri ran", "*");\
return \'\
<script>\
window.parent.postMessage("Able to access private: " +\
window.parent.private, "*");\
</script>\''
);
let dataURL =
"data:text/html," +
escape(
'<!DOCTYPE HTML>\
<script>\
try {\
window.parent.postMessage("Able to access private: " +\
window.parent.private, "*");\
}\
catch (e) {\
window.parent.postMessage("pass", "*");\
}\
</script>'
);
let tests = [
// Plain document should work as normal
'<!DOCTYPE HTML>\
<script>\
try {\
window.parent.private;\
window.parent.postMessage("pass", "*");\
}\
catch (e) {\
window.parent.postMessage("Unble to access private", "*");\
}\
</script>',
// refresh to plain doc
{ refresh: "file_bug475636.sjs?1", doc: "<!DOCTYPE HTML>" },
// meta-refresh to plain doc
'<!DOCTYPE HTML>\
<head>\
<meta http-equiv="refresh" content="0; url=file_bug475636.sjs?1">\
</head>',
// refresh to data url
{ refresh: dataURL, doc: "<!DOCTYPE HTML>" },
// meta-refresh to data url
'<!DOCTYPE HTML>\
<head>\
<meta http-equiv="refresh" content="0; url=' +
dataURL +
'">\
</head>',
// refresh to js url should not be followed
{
refresh: jsURL,
doc:
'<!DOCTYPE HTML>\
<script>\
setTimeout(function() {\
window.parent.postMessage("pass", "*");\
}, 2000);\
</script>',
},
// meta refresh to js url should not be followed
'<!DOCTYPE HTML>\
<head>\
<meta http-equiv="refresh" content="0; url=' +
jsURL +
'">\
</head>\
<script>\
setTimeout(function() {\
window.parent.postMessage("pass", "*");\
}, 2000);\
</script>',
];
function handleRequest(request, response) {
dump("@@@@@@@@@hi there: " + request.queryString + "\n");
let test = tests[parseInt(request.queryString, 10) - 1];
response.setHeader("Content-Type", "text/html");
if (!test) {
response.write('<script>parent.postMessage("done", "*");</script>');
} else if (typeof test == "string") {
response.write(test);
} else if (test.refresh) {
response.setHeader("Refresh", "0; url=" + test.refresh);
response.write(test.doc);
}
}
|