From 582ad4dafe25beb20cba5803a928990649171d8a Mon Sep 17 00:00:00 2001
From: Evan Carothers <evan.carothers@gmail.com>
Date: Thu, 7 Apr 2016 11:33:33 -0500
Subject: [PATCH] additional unit testing support for postMessage scenarios

---
 package.json          |  2 +-
 src/xdomain_cookie.js |  5 ++---
 test/test_page.html   |  8 +++++++
 test/test_suite.js    | 50 ++++++++++++++++++++++++++++++++++++++++++-
 4 files changed, 60 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 43cf856..5193d22 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "xdomain-cookies",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "JS class for cross-domain shared cookie (via iframe shim)",
   "scripts": {
     "test": "node_modules/.bin/mocha test/test_suite.js",
diff --git a/src/xdomain_cookie.js b/src/xdomain_cookie.js
index a4df551..8beb26a 100644
--- a/src/xdomain_cookie.js
+++ b/src/xdomain_cookie.js
@@ -18,6 +18,7 @@
 
 		//function called on inbound post message - filter/verify that message is for our consumption, then set ready data an fire callbacks
 		function _inbound_postmessage( event ){
+			if(typeof event.data !== 'string') return; //expected json string encoded payload
 			try{
 	        	var data = JSON.parse(event.data);
 	        }catch(e){
@@ -140,7 +141,7 @@
 		}
 
 		//bind postmessage listeners for incoming messages from iframe
-		window.addEventListener('message', _inbound_postmessage);
+		window.addEventListener('message', _inbound_postmessage );
 
 		//create hidden iframe on the page that loads from same domain as this script and is used for communication / cookie setting
 		var ifr = document.createElement('iframe');
@@ -170,9 +171,7 @@
 	exports.xDomainCookie = xDomainCookie;
 })(this);
 
-
 /*
-
 //EXAMPLE OF USAGE
 
 var shared_cookie = xDomainSharedCookie( 'https://shared.contently.com', 'contently.ifsc' );
diff --git a/test/test_page.html b/test/test_page.html
index dc58506..c24acf0 100644
--- a/test/test_page.html
+++ b/test/test_page.html
@@ -5,6 +5,14 @@
 
 <script src="xdomain_cookie.js"></script>
 <script>
+
+	var js_errors = [];
+	window.onerror = function(message, source, lineno, colno, error) {
+		var err = {message:message, source:source, lineno:lineno, colno:colno, error:error};
+		js_errors.push(err);
+		console.error("JS ERROR",err);
+	};
+
 	var existing_cookie_val = 'wrong'; //used to track success of cookie writethrough (set via callback)
 	var final_cookie_val = 'wrong'; //used to track what cookie val is finally set to
 
diff --git a/test/test_suite.js b/test/test_suite.js
index 5c7bc02..039baf5 100644
--- a/test/test_suite.js
+++ b/test/test_suite.js
@@ -14,7 +14,8 @@ const 	TEST_COOKIE_NAME = 'test_cookie',
 		EXPECTED_UNSET_COOKIE_VAL = 'test1234',
 		EXPECTED_SET_COOKIE_VAL = 'preset1234',
 		JS_VAR_EXISTING_VAL = 'existing_cookie_val',
-		JS_VAR_FINAL_VAL = 'final_cookie_val';
+		JS_VAR_FINAL_VAL = 'final_cookie_val',
+		JS_CAPTURED_ERRORS = 'js_errors';
 
 //register needed domains to route throug localhost w/ zombie
 Browser.localhost(HTML_DOMAIN_1,3002);
@@ -436,4 +437,51 @@ describe("Iframe shared cookie",function(){
 
 	});
 	
+	describe('Single Domain, 3rd party postMessage calls with weird payloads', function(){
+		//Assert that postMessage calls with various odd payloads don't interfere with our postMessage listeners
+
+		before(function( done ){
+			this.browser = new Browser();
+			this.browser.on('error',function(err){
+				console.log("BROWSER ERROR",err);
+			});
+			this.browser.deleteCookies();
+			var _browser = this.browser;
+			this.browser.visit('http://'+HTML_DOMAIN_1+'/test_page.html',function(){
+				setTimeout(function(){
+		    		_browser.window.postMessage({ foo:'bar' },'*');
+		    		_browser.window.postMessage( null, '*' );
+		    		_browser.window.postMessage( 'random stuff', '*' );
+		    		_browser.window.postMessage( [], '*' );
+		    		_browser.window.postMessage( '[]', '*' );
+		    		_browser.window.postMessage( 'null', '*' );
+		    		_browser.window.postMessage( 'false', '*' );
+		    		_browser.window.postMessage( true, '*' );
+		    		_browser.window.postMessage( 'true', '*' );
+		    		_browser.window.postMessage( false, '*' );
+		    		setTimeout(done,300);
+		    	},300);
+	    	});
+		});
+
+		it('expect no JS errors, and setting cookie still worked', function(){
+
+			//verify that there were no JS errors
+			var page_errs = this.browser.evaluate(JS_CAPTURED_ERRORS);
+			expect( page_errs.length ).to.equal( 0 );
+			expect( this.browser.errors.length ).to.equal( 0 );
+
+			expect( this.browser.queryAll('iframe[src*="http://'+IFRAME_DOMAIN+'/xdomain_cookie.html"]' ).length).to.equal(1);
+			//verify there was no existing/returned val from .get()
+			expect( this.browser.evaluate(JS_VAR_EXISTING_VAL) ).to.equal( null );
+			//verify that final val was set correctly
+			expect( this.browser.evaluate(JS_VAR_FINAL_VAL) ).to.equal( EXPECTED_UNSET_COOKIE_VAL );
+			//check cookie values
+			var local_cookie = this.browser.getCookie({ name: TEST_COOKIE_NAME, domain: HTML_DOMAIN_1, path: '/' });
+			expect( local_cookie ).to.equal( EXPECTED_UNSET_COOKIE_VAL );
+			var iframe_cookie = this.browser.getCookie({ name: TEST_COOKIE_NAME, domain: IFRAME_DOMAIN, path: '/' });
+			expect( iframe_cookie ).to.equal( EXPECTED_UNSET_COOKIE_VAL );
+			
+		});
+	})
 });
\ No newline at end of file