Do not parse messages from other scripts

Fix #11.

Author: zalmoxisus

src/browser/extension/background/messaging.js

@@ -14,6 +14,15 @@ onConnect(() => ({
   source: 'redux-page'
 }), {}, connections, window.store, sendNAMessage);
 
+function parseJSON(data) {
+  try {
+    return JSON.parse(data);
+  } catch (e) {
+    // console.error(data + 'is not a valid JSON', e);
+    return null;
+  }
+}
+
 // Receive message from content script and relay to the devTools page
 function messaging(request, sender) {
   const tabId = sender.tab ? sender.tab.id : sender.id;
@@ -22,7 +31,9 @@ function messaging(request, sender) {
       if (connections[ tabId ]) sendNAMessage(connections[ tabId ]);
       return true;
     }
-    if (request.payload) store.liftedStore.setState(request.payload);
+    const payload = typeof request.payload === 'string' ? parseJSON(request.payload) : request.payload;
+    if (!payload) return true;
+    store.liftedStore.setState(payload);
     if (request.init) {
       store.id = tabId;
       if (typeof tabId === 'number') {
@@ -31,7 +42,7 @@ function messaging(request, sender) {
       }
     }
     if (tabId in connections) {
-      connections[ tabId ].postMessage(request);
+      connections[ tabId ].postMessage({payload: payload});
     }
   }
   return true;

src/browser/extension/inject/contentScript.js

@@ -28,23 +28,14 @@ if (window.devToolsExtensionID) { // Send external messages
   (document.head || document.documentElement).appendChild(s);
 }
 
-function parseJSON(data) {
-  try {
-    return JSON.parse(data);
-  } catch (e) {
-    // console.error(data + 'is not a valid JSON', e);
-    return {};
-  }
-}
-
 // Resend messages from the page to the background script
 window.addEventListener('message', function(event) {
-  if (!event || event.source !== window || typeof event.data !== 'string') return;
-  const message = parseJSON(event.data);
+  if (!event || event.source !== window || typeof event.data !== 'object') return;
+  const message = event.data;
   if (message.source !== 'redux-page') return;
   payload = message.payload;
   sendMessage(message);
-});
+}, false);
 
 if (typeof window.onbeforeunload !== 'undefined') {
   // Prevent adding beforeunload listener for Chrome apps
@@ -62,4 +53,4 @@ document.addEventListener('visibilitychange', function() {
       init: true
     });
   }
-});
+}, false);

src/browser/extension/inject/pageScript.js

@@ -4,21 +4,19 @@ import { ACTION, UPDATE } from '../../../app/constants/ActionTypes';
 
 window.devToolsInit = function(store) {
   function onChange(init) {
-    window.postMessage(stringify({
-      payload: store.liftedStore.getState(),
+    window.postMessage({
+      payload: stringify(store.liftedStore.getState()),
       source: 'redux-page',
       init: init || false
-    }), '*');
+    }, '*');
   }
 
   function onMessage(event) {
-    let message;
-
-    if (event && event.source !== window) {
+    if (!event || event.source !== window) {
       return;
     }
 
-    message = event.data;
+    const message = event.data;
 
     if (!message || message.source !== 'redux-cs') {
       return;
@@ -34,7 +32,7 @@ window.devToolsInit = function(store) {
   }
 
   store.liftedStore.subscribe(onChange);
-  window.addEventListener('message', onMessage);
+  window.addEventListener('message', onMessage, false);
 
   onChange(true);
 };