Make message_pipe ignore postMessages with no type

If you go to a app that uses message pipe (e.g. the inner frame of
media_app) and run:
window.parent.postMessage('something', '*')
You get an error: "Uncaught TypeError: Cannot read property 'substr' of
undefined"

This happens because message pipe intercepts all postMessages and tries
to handle them.

This CL makes message pipe ignore messages where event.data.type isn't a
string.

This change is to help with migrating help app to use message pipe -- to
prevent the existing postMessages from causing errors.
http://crrev.com/c/2405044

Bug: b/166043485
Change-Id: Ia66259bd4de542d628228282503c1d00a51d3e10
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2413650
Commit-Queue: Zufeng Wang <zufeng@google.com>
Reviewed-by: Trent Apted <tapted@chromium.org>
Cr-Commit-Position: refs/heads/master@{#808781}

chromeos/components/system_apps/public/js/message_pipe.js

@@ -389,6 +389,12 @@ class MessagePipe {
    */
   receiveMessage_(event) {
     const e = /** @type {!MessageEvent<!MessageData>} */ (event);
+
+    // Ignore message events missing a type.
+    if (typeof e.data !== 'object' || !e.data
+        || typeof e.data.type !== 'string') {
+      return;
+    }
     const {messageId, type, message} = e.data;
     const {ERROR_TYPE} = ReservedMessageTypes;
 

chromeos/components/system_apps/public/js/message_pipe_browsertest.js

@@ -71,6 +71,32 @@ TEST_F('MessagePipeBrowserTest', 'ReceivesSuccessResponse', async () => {
   testDone();
 });
 
+TEST_F('MessagePipeBrowserTest', 'IgnoresMessagesWithNoType', async () => {
+  await sendTestMessage('install-generic-responder');
+
+  let messageCount = 0;
+  const receiveMessage = event => {
+    messageCount++;
+    // There should be one 'response' for each of the postMessages below.
+    // There should be no response from parentMessagePipe because it should
+    // ignore the messages below.
+    assertEquals(event.data, 'test-response');
+    if (messageCount === 5) {
+      testDone();
+    }
+  };
+  window.addEventListener('message', receiveMessage, false);
+  const guestFrame = /** @type {!HTMLIFrameElement} */ (
+      document.querySelector('iframe'));
+  const TEST_GUEST_ORIGIN = 'chrome-untrusted://system-app-test';
+  // These postMessages should be ignored and not cause any errors.
+  guestFrame.contentWindow.postMessage('test', TEST_GUEST_ORIGIN);
+  guestFrame.contentWindow.postMessage({type: 9}, TEST_GUEST_ORIGIN);
+  guestFrame.contentWindow.postMessage({}, TEST_GUEST_ORIGIN);
+  guestFrame.contentWindow.postMessage(null, TEST_GUEST_ORIGIN);
+  guestFrame.contentWindow.postMessage(undefined, TEST_GUEST_ORIGIN);
+});
+
 // Tests that we receive an error if our message is unhandled.
 TEST_F('MessagePipeBrowserTest', 'ReceivesNoHandlerError', async () => {
   untrustedMessagePipe.logClientError = error =>

chromeos/components/system_apps/public/js/test_data/message_pipe_browsertest_untrusted.js

@@ -52,6 +52,14 @@ function installTestHandlers() {
     return parentMessagePipe.sendMessage('bad-handler');
   });
 
+  parentMessagePipe.registerHandler('install-generic-responder', () => {
+    // A general postMessage response to all message events. Does not use
+    // message pipe.
+    window.addEventListener('message', () => {
+      window.parent.postMessage('test-response', '*');
+    }, false);
+  });
+
   signalTestHandlersReady();
 }