aboutsummaryrefslogtreecommitdiffstats
path: root/pages/ui_component_server.coffee
diff options
context:
space:
mode:
authorStephen Blott2015-01-06 05:39:25 +0000
committerStephen Blott2015-01-06 05:39:25 +0000
commit30dee76c6ab1de9e2a62701dacffc29fa5be0866 (patch)
tree1aab7586b612a92222a4cfe85f4d4f5173e236bc /pages/ui_component_server.coffee
parent3620fec662ab89bd4f7827e66deec49ff4d11b8e (diff)
parentfc2201b996e47ca06090e10e4ebfcd9f4b345fde (diff)
downloadvimium-30dee76c6ab1de9e2a62701dacffc29fa5be0866.tar.bz2
Merge pull request #1407 from smblott-github/post-1.46
Merge post-1.46 in its entirety
Diffstat (limited to 'pages/ui_component_server.coffee')
-rw-r--r--pages/ui_component_server.coffee27
1 files changed, 27 insertions, 0 deletions
diff --git a/pages/ui_component_server.coffee b/pages/ui_component_server.coffee
new file mode 100644
index 00000000..8b43095b
--- /dev/null
+++ b/pages/ui_component_server.coffee
@@ -0,0 +1,27 @@
+
+# Fetch the Vimium secret, register the port recieved from the parent window, and stop listening for messages
+# on the window object. vimiumSecret is accessible only within the current instantion of Vimium. So a
+# malicious host page trying to register its own port can do no better than guessing.
+registerPort = (event) ->
+ chrome.storage.local.get "vimiumSecret", ({vimiumSecret: secret}) ->
+ return unless event.source == window.parent and event.data == secret
+ UIComponentServer.portOpen event.ports[0]
+ window.removeEventListener "message", registerPort
+
+window.addEventListener "message", registerPort
+
+UIComponentServer =
+ ownerPagePort: null
+ handleMessage: null
+
+ portOpen: (@ownerPagePort) ->
+ @ownerPagePort.onmessage = (event) =>
+ @handleMessage event if @handleMessage
+
+ registerHandler: (@handleMessage) ->
+
+ postMessage: (message) ->
+ @ownerPagePort.postMessage message if @ownerPagePort
+
+root = exports ? window
+root.UIComponentServer = UIComponentServer
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-10 07:04:04 +0000