From d1b17e454758095757fca8e942d29f96af1eb8bc Mon Sep 17 00:00:00 2001 From: FMaz Date: Fri, 28 Jun 2024 13:40:03 -0300 Subject: [PATCH] Reduced the scope of the window.postMessage() calls. Improved comments. --- scripts/bootloader.js | 18 ++++++++++++++---- scripts/inj.js | 19 +++++++++++-------- 2 files changed, 25 insertions(+), 12 deletions(-) diff --git a/scripts/bootloader.js b/scripts/bootloader.js index a22c10e..76560a0 100644 --- a/scripts/bootloader.js +++ b/scripts/bootloader.js @@ -667,8 +667,9 @@ async function reportfees(event) { } } -//Function to receive a message from the website-end and launch an animation -//if the infinite wheel fix was used. +//Messaging from accross tabs and context +//Messages sent via window.postMessage({}, "*"); +//Most requests comes from the inj.js file, which is in a different scope/context. window.addEventListener("message", async function (event) { //Do not run the extension if ultraviner is running if (ultraviner) { @@ -699,7 +700,13 @@ window.addEventListener("message", async function (event) { } } } - window.postMessage({ type: "variantValidationResponse", result: event.data.variant }, "*"); + window.postMessage( + { + type: "variantValidationResponse", + result: event.data.variant, + }, + "/" //message should be sent to the same origin as the current document. + ); if (lastResortFixUsed) { window.postMessage( @@ -707,7 +714,7 @@ window.addEventListener("message", async function (event) { type: "infiniteWheelFixed", text: "Last resort method used.", }, - "*" + "/" //message should be sent to the same origin as the current document. ); } } @@ -851,6 +858,9 @@ window.addEventListener("message", async function (event) { } }); +//Message from within the context of the extension +//Messages sent via: browser.tabs.sendMessage(tab.id, data); +//In this case, all messages are coming from the service_worker file. browser.runtime.onMessage.addListener(async function (message, sender, sendResponse) { let data = message; if (data.type == undefined) return; diff --git a/scripts/inj.js b/scripts/inj.js index f1d62b8..f51847c 100644 --- a/scripts/inj.js +++ b/scripts/inj.js @@ -44,7 +44,7 @@ window.fetch = async (...args) => { type: "order", data, }, - "*" + "/" //message should be sent to the same origin as the current document. ); //Wait 500ms following an order to allow for the order report query to go through before the redirect happens. @@ -71,7 +71,7 @@ window.fetch = async (...args) => { error: error.exceptionType, }, }, - "*" + "/" //message should be sent to the same origin as the current document. ); } return response; @@ -101,7 +101,7 @@ window.fetch = async (...args) => { type: "etv", data, }, - "*" + "/" //message should be sent to the same origin as the current document. ); } @@ -170,7 +170,7 @@ window.fetch = async (...args) => { type: "infiniteWheelFixed", text: fixed + " variation(s) fixed.", }, - "*" + "/" //message should be sent to the same origin as the current document. ); } @@ -193,9 +193,12 @@ async function testVariants(content) { }); //Send the message to Vine Helper for processing as JQuery is not available in this context - window.postMessage({ - type: "variantValidationRequest", - variant: content, - }); + window.postMessage( + { + type: "variantValidationRequest", + variant: content, + }, + "/" //message should be sent to the same origin as the current document. + ); }); }