Update with version of code that will work after updating post-messag…

…e-stream
MetaMask · Mar 2, 2023 · 816847d · 816847d
1 parent 406b231
commit 816847d
Show file tree

Hide file tree

Showing 3 changed files with 45 additions and 22 deletions.
diff --git a/packages/snaps-controllers/src/services/iframe/IframeExecutionService.test.browser.ts b/packages/snaps-controllers/src/services/iframe/IframeExecutionService.test.browser.ts
@@ -168,35 +168,58 @@ describe('IframeExecutionService', () => {
     );
   });
 
-  it.only('checks event security', async () => {
+  it('confirms that events are secured', async () => {
+    // Check if the security critical properties of the Event object
+    // are unavailable. This will confirm that executeLockdownEvents works
+    // inside snaps-execution-environments
     const { service } = createService(IframeExecutionService, {
       iframeUrl: new URL(IFRAME_URL),
     });
 
     await service.executeSnap({
       snapId: MOCK_SNAP_ID,
-      sourceCode: DEFAULT_SNAP_BUNDLE,
-      endowments: ['console'],
+      sourceCode: `
+        module.exports.onRpcRequest = async ({ request }) => {
+            let result;
+            const promise = new Promise((resolve) => {
+                const xhr = new XMLHttpRequest();
+                xhr.open('GET', '//x.com');
+                xhr.send();
+                xhr.onreadystatechange = (ev) => {
+                  debugger;
+                  result = ev;
+                  resolve();
+                };
+            });
+            await promise;
+
+            return {
+              targetIsUndefined: result.target === undefined,
+              currentTargetIsUndefined: result.target === undefined,
+              srcElementIsUndefined: result.target === undefined,
+              composedPathIsUndefined: result.target === undefined
+            };
+        };
+      `,
+      endowments: ['console', 'XMLHttpRequest'],
     });
 
-    const iframe = document.querySelector('iframe');
-    assert(iframe);
-
-    const message = new Promise((resolve) => {
-      window.addEventListener('message', (event) => {
-        resolve(event.data);
-      });
+    const result = await service.handleRpcRequest(MOCK_SNAP_ID, {
+      origin: 'foo',
+      handler: HandlerType.OnRpcRequest,
+      request: {
+        jsonrpc: '2.0',
+        id: 1,
+        method: 'foobar',
+        params: [],
+      },
     });
 
-    // Create Event test script
-    // const eventScript = document.createElement('script');
-    // eventScript.src = `${IFRAME_URL}/test/sandbox/event-test.js`;
-    // document.body.appendChild(eventScript);
-    // Creates an iframe
-    const testFrame = document.createElement('iframe');
-    testFrame.src = `${IFRAME_URL}/test/sandbox/events.html`;
-    document.body.appendChild(testFrame);
-
-    expect(await message).toStrictEqual('EVENTS_SECURED');
+    expect(result).toStrictEqual({
+      targetIsUndefined: true,
+      currentTargetIsUndefined: true,
+      srcElementIsUndefined: true,
+      composedPathIsUndefined: true,
+    });
   });
 });
diff --git a/packages/snaps-controllers/wdio.config.ts b/packages/snaps-controllers/wdio.config.ts
@@ -11,7 +11,7 @@ export const config: Options.Testrunner = {
   runner: [
     'browser',
     {
-      headless: false,
+      headless: true,
       viteConfig: {
         plugins: [tsconfigPaths()],
         optimizeDeps: {

diff --git a/packages/snaps-execution-environments/src/common/lockdown/lockdown-events.ts b/packages/snaps-execution-environments/src/common/lockdown/lockdown-events.ts
@@ -15,7 +15,7 @@ export const targetEvents: { [index: string]: any } = Object.freeze({
   MessageEvent: ['source'],
   FocusEvent: ['relatedTarget'],
   MouseEvent: ['relatedTarget', 'fromElement', 'toElement'],
-  // TouchEvent: ['targetTouches', 'touches'],
+  TouchEvent: ['targetTouches', 'touches'],
   Event: ['target', 'currentTarget', 'srcElement', 'composedPath'],
 });