From 0128a7ea47847b9fa04dbf98327f4bc1760c5e11 Mon Sep 17 00:00:00 2001 From: Wilco Fiers Date: Thu, 7 Sep 2017 11:13:17 +0200 Subject: [PATCH] fix(responsible): Restrict error construction to known errors --- lib/core/utils/respondable.js | 7 +++++-- test/core/utils/respondable.js | 30 ++++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/lib/core/utils/respondable.js b/lib/core/utils/respondable.js index e7394ec59d..73c5ce93fa 100644 --- a/lib/core/utils/respondable.js +++ b/lib/core/utils/respondable.js @@ -2,7 +2,9 @@ (function (exports) { 'use strict'; var messages = {}, - subscribers = {}; + subscribers = {}, + errorTypes = Object.freeze(['EvalError', 'RangeError', 'ReferenceError', + 'SyntaxError', 'TypeError', 'URIError']); /** * get the unique string to be used to identify our instance of aXe @@ -154,7 +156,8 @@ */ function buildErrorObject(error) { var msg = error.message || 'Unknown error occurred'; - var ErrConstructor = window[error.name] || Error; + var errorName = errorTypes.includes(error.name) ? error.name : 'Error'; + var ErrConstructor = window[errorName] || Error; if (error.stack) { msg += '\n' + error.stack.replace(error.message, ''); diff --git a/test/core/utils/respondable.js b/test/core/utils/respondable.js index 0b8984d83b..f1cfce45db 100644 --- a/test/core/utils/respondable.js +++ b/test/core/utils/respondable.js @@ -332,6 +332,36 @@ describe('axe.utils.respondable', function () { assert.isTrue(success); }); + it('should create an Error if an invalid error type is passed', function () { + var success = false; + var event = document.createEvent('Event'); + window.evil = function () {}; + // Define that the event name is 'build'. + event.initEvent('message', true, true); + event.data = JSON.stringify({ + _respondable: true, + _source: 'axe.2.0.0', + topic: 'Death star', + error: { + name: 'evil', + message: 'The exhaust port is open!', + trail: '... boom' + }, + uuid: mockUUID + }); + event.source = window; + + axe.utils.respondable(window, 'Death star', null, true, function (data) { + success = true; + assert.instanceOf(data, Error); + assert.equal(data.message, 'The exhaust port is open!'); + }); + + document.dispatchEvent(event); + assert.isTrue(success); + window.evil = undefined; + }); + it('uses respondable.isInFrame() to check if the page is in a frame or not', function() { assert.equal(axe.utils.respondable.isInFrame(), !!window.frameElement);