aboutsummaryrefslogtreecommitdiffstats
path: root/pages/ui_component_server.coffee
diff options
context:
space:
mode:
Diffstat (limited to 'pages/ui_component_server.coffee')
-rw-r--r--pages/ui_component_server.coffee27
1 files changed, 27 insertions, 0 deletions
diff --git a/pages/ui_component_server.coffee b/pages/ui_component_server.coffee
new file mode 100644
index 00000000..8b43095b
--- /dev/null
+++ b/pages/ui_component_server.coffee
@@ -0,0 +1,27 @@
+
+# Fetch the Vimium secret, register the port recieved from the parent window, and stop listening for messages
+# on the window object. vimiumSecret is accessible only within the current instantion of Vimium. So a
+# malicious host page trying to register its own port can do no better than guessing.
+registerPort = (event) ->
+ chrome.storage.local.get "vimiumSecret", ({vimiumSecret: secret}) ->
+ return unless event.source == window.parent and event.data == secret
+ UIComponentServer.portOpen event.ports[0]
+ window.removeEventListener "message", registerPort
+
+window.addEventListener "message", registerPort
+
+UIComponentServer =
+ ownerPagePort: null
+ handleMessage: null
+
+ portOpen: (@ownerPagePort) ->
+ @ownerPagePort.onmessage = (event) =>
+ @handleMessage event if @handleMessage
+
+ registerHandler: (@handleMessage) ->
+
+ postMessage: (message) ->
+ @ownerPagePort.postMessage message if @ownerPagePort
+
+root = exports ? window
+root.UIComponentServer = UIComponentServer
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-01 19:02:53 +0000