Protect access to localStorage variable

YahooArchive · Sep 30, 2018 · 0bb3922 · 0bb3922
1 parent aa3894e
commit 0bb3922
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 5 deletions.
diff --git a/boomerang.js b/boomerang.js
@@ -871,14 +871,14 @@ BOOMR_check_doc_domain();
 			var name = impl.LOCAL_STORAGE_PREFIX + "clss";
 			impl.localStorageSupported = false;
 
-			// we need JSON and localStorage support
-			if (!w.JSON || !w.localStorage) {
-				return;
-			}
-
 			// Browsers with cookies disabled or in private/incognito mode may throw an
 			// error when accessing the localStorage variable
 			try {
+				// we need JSON and localStorage support
+				if (!w.JSON || !w.localStorage) {
+					return;
+				}
+
 				w.localStorage.setItem(name, name);
 				impl.localStorageSupported = (w.localStorage.getItem(name) === name);
 				w.localStorage.removeItem(name);

diff --git a/tests/page-templates/13-logn/07-localStorage-error.html b/tests/page-templates/13-logn/07-localStorage-error.html
@@ -0,0 +1,23 @@
+<%= header %>
+<script type="text/javascript">
+// ensure we wait for LOGN
+window.BOOMR_LOGN_always = true;
+// we can use the fact that the api key is pasted into the config query request to delay config
+window.BOOMR_API_key = "13-logn-07-localstorage-error&delay=2000";
+
+// accessing localStorage will throw an error
+window.__defineGetter__("localStorage", function() {
+	throw new Error("Security Exception");
+});
+
+</script>
+<!-- ensure the script is on the page before onload -->
+<%= boomerangScript %>
+
+<script src="07-localstorage-error.js" type="text/javascript"></script>
+<script type="text/javascript">
+BOOMR_test.init({
+	testAfterOnBeacon: 1
+});
+</script>
+<%= footer %>
diff --git a/tests/page-templates/13-logn/07-localStorage-error.js b/tests/page-templates/13-logn/07-localStorage-error.js
@@ -0,0 +1,37 @@
+/*eslint-env mocha*/
+/*global BOOMR_test*/
+
+describe("e2e/13-logn/07-localstorage-error", function() {
+	var tf = BOOMR.plugins.TestFramework;
+	var t = BOOMR_test;
+
+	it("Should have sent one beacon", function(done) {
+		this.timeout(10000);
+		t.ensureBeaconCount(done,  1);
+	});
+
+	it("Should have a h.cr from server", function() {
+		var b = tf.lastBeacon();
+		assert.notEqual(b["h.cr"], "abc");
+	});
+
+	it("Should have a h.pg of FROMSERVER", function() {
+		var b = tf.lastBeacon();
+		assert.equal(b["h.pg"], "FROMSERVER");
+	});
+
+	it("Should have a config load time on beacon", function() {
+		var b = tf.lastBeacon();
+		assert.operator(parseInt(b.t_configjs), ">=", 2000, "t_configjs is above 2000 ms");
+	});
+
+	it("Should have a config first byte time on beacon", function() {
+		var b = tf.lastBeacon();
+		assert.operator(parseInt(b.t_configfb), ">=", 2000, "t_configfb is above 2000 ms");
+	});
+
+	it("Should not have a localStorage config load time on beacon", function() {
+		var b = tf.lastBeacon();
+		assert.isUndefined(b.t_configls);
+	});
+});
diff --git a/tests/server/config/13-logn-07-localstorage-error.js b/tests/server/config/13-logn-07-localstorage-error.js
@@ -0,0 +1,17 @@
+BOOMR_configt=new Date().getTime();
+BOOMR.addVar({"h.t":{{H_T}},"h.cr":"{{H_CR}}"});
+BOOMR.init({
+	autorun: false,
+	"PageParams": {
+		"pageGroups": [
+			{
+				"type": "Regexp",
+				"parameter1": "/pages/",
+				"parameter2": "FROMSERVER"
+			}
+		]
+	},
+	"LOGN": {
+		"storeConfig": true
+	}
+});
diff --git a/tests/server/config/13-logn-07-localstorage-error.json b/tests/server/config/13-logn-07-localstorage-error.json
@@ -0,0 +1,18 @@
+{
+	"h.t": {{H_T}},
+	"h.cr": "{{H_CR}}",
+	"h.d": "{{DOMAIN}}",
+	"autorun": false,
+	"PageParams": {
+		"pageGroups": [
+			{
+				"type": "Regexp",
+				"parameter1": "/pages/",
+				"parameter2": "FROMSERVER"
+			}
+		]
+	},
+	"LOGN": {
+		"storeConfig": true
+	}
+}