diff --git a/src/client/sandbox/event/message.ts b/src/client/sandbox/event/message.ts
index 8d8eaf1df..2f612782a 100644
--- a/src/client/sandbox/event/message.ts
+++ b/src/client/sandbox/event/message.ts
@@ -215,6 +215,14 @@ export default class MessageSandbox extends SandboxBase {
 postMessage (contentWindow: Window, args) {
 const targetUrl = args[1] || destLocation.getOriginHeader();
+ // NOTE: We do NOT support the postMessage(message, options) overload.
+ // The second argument is expected to be `targetOrigin` (string).
+ // If an options object is provided instead, the call is considered invalid and will be aborted.
+ if (typeof targetUrl !== 'string') {
+ nativeMethods.consoleMeths.log(`testcafe-hammerhead: postMessage called with invalid targetOrigin; aborting call (type: ${typeof targetUrl})`);
+ return null;
+ }
+
 // NOTE: Here, we pass all messages as "no preference" ("*").
 // We do an origin check in "_onWindowMessage" to access the target origin.
 args[1] = '*';
diff --git a/test/client/fixtures/sandbox/event/message-test.js b/test/client/fixtures/sandbox/event/message-test.js
index 04ea7ab4d..6d2e6cc2d 100644
--- a/test/client/fixtures/sandbox/event/message-test.js
+++ b/test/client/fixtures/sandbox/event/message-test.js
@@ -35,6 +35,22 @@ asyncTest('should pass "transfer" argument for "postMessage" (GH-1535)', functio
 callMethod(window, 'postMessage', ['test', '*', [channel.port1]]);
 });
+asyncTest('should not accept an object as "targetOrigin"', function () {
+ var called = false;
+ var handler = function () {
+ called = true;
+ };
+
+ window.addEventListener('message', handler);
+ callMethod(window, 'postMessage', ['message', { test: 1 }]);
+
+ window.setTimeout(function () {
+ ok(!called, 'message should not be delivered');
+ window.removeEventListener('message', handler);
+ start();
+ }, 100);
+});
+
 asyncTest('onmessage event', function () {
 var count = 0;
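Review bot: The new guard in postMessage drops every call that uses the standard `postMessage(message, options)` form, including calls whose options carry a valid string `targetOrigin`, and the only signal is one `console.log` line plus a `null` return. Rejecting a non-string origin is the safe direction, since the native target is rewritten to `'*'` and the receive-side check in `_onWindowMessage` depends on this value, but a page that uses the options form will silently lose its messages under the proxy. Consider unwrapping the object first, e.g. `const rawTarget = args[1] && typeof args[1] === 'object' ? args[1].targetOrigin : args[1];` followed by `const targetUrl = rawTarget || destLocation.getOriginHeader();`, and keep the string check as the fallback; an `options.transfer` list would then also have to move to `args[2]`. The rest of postMessage lies outside the hunk, so confirm how `args` is used afterwards.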
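Review bot: The handler in the new test sets `called` for any `message` event on `window`, so a message still in flight from a neighbouring test (the preceding one posts `'test'` to the same window) can fail it for an unrelated reason, and the fixed 100 ms wait makes the result timing-dependent. Filtering on the payload, e.g. `var handler = function (e) { if (e.data === 'message') called = true; };`, would tie the assertion to this call; this assumes the listener sees the unwrapped payload, which is not visible here. The test could also assert the return value of `callMethod`, so the abort path is checked directly rather than only through the absence of delivery.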