Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(respondable): avoid crashes if the data in window.postMessage is null #3249

Merged
merged 2 commits into from
Nov 12, 2021
Merged

fix(respondable): avoid crashes if the data in window.postMessage is null #3249

merged 2 commits into from
Nov 12, 2021

Conversation

esanzgar
Copy link
Contributor

@esanzgar esanzgar commented Nov 2, 2021
edited
Loading

axe-core crashes if another process sends a window.postMessage with
data equals to null.

In the previous version, because null has a type of 'object', it
crashed when trying to access the channelId.

This change detects first if the data is not null.

@esanzgar esanzgar requested a review from a team as a code owner November 2, 2021 10:39
@CLAassistant
Copy link

CLAassistant commented Nov 2, 2021
edited
Loading

CLA assistant check
All committers have signed the CLA.

straker
straker previously requested changes Nov 4, 2021
View reviewed changes
Copy link
Contributor

@straker straker left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the pr. Could you add a test for this case in the respondable test? Probably after the repeater test

@esanzgar
Avoid crashes if postMessage data is null
3a266e1 
axe-core crashes if another process sends a `window.postMessage` with
data equals to `null`.

In the previous version, because `null` has a type of `'object'`, it
crashed when trying to access the `channelId` on `null`.
@esanzgar
Copy link
Contributor Author

esanzgar commented Nov 9, 2021

I added the test. I am not very familiar with the internals with axe-core, so I am afraid you will need to take it from there.

@straker
Copy link
Contributor

straker commented Nov 12, 2021

Reviewed for security

@straker straker changed the title Avoid crashes if the data in window.postMessage is null fix(respondable): avoid crashes if the data in window.postMessage is null Nov 12, 2021
@straker straker merged commit b37b2f6 into dequelabs:develop Nov 12, 2021
@esanzgar esanzgar deleted the postMessag-null branch November 15, 2021 13:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WilcoFiers WilcoFiers WilcoFiers approved these changes

@straker straker straker left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@esanzgar @CLAassistant @straker @WilcoFiers