fix(editor): Return early in ws message handler if no 'command' keyword is found (#7946)

## Summary Avoid processing websocket messages not n8n sent (filter on 'command' keyword)
2024-11-09 22:24:05 -08:00 · 2023-12-08 13:42:50 +01:00 · 2023-12-08 13:42:50 +01:00 · 5b2defc867
parent dcf12867b3
commit 5b2defc867
3 changed files with 81 additions and 65 deletions
--- a/packages/editor-ui/src/components/WorkflowPreview.vue
+++ b/packages/editor-ui/src/components/WorkflowPreview.vue
@ -136,21 +136,22 @@ const onMouseLeave = () => {
 };

 const receiveMessage = ({ data }: MessageEvent) => {
-	if (data?.includes('"command"')) {
-		try {
-			const json = JSON.parse(data);
-			if (json.command === 'n8nReady') {
-				ready.value = true;
-			} else if (json.command === 'openNDV') {
-				nodeViewDetailsOpened.value = true;
-			} else if (json.command === 'closeNDV') {
-				nodeViewDetailsOpened.value = false;
-			} else if (json.command === 'error') {
-				emit('close');
-			}
-		} catch (e) {
-			console.error(e);
+	if (!data?.includes?.('"command"')) {
+		return;
+	}
+	try {
+		const json = JSON.parse(data);
+		if (json.command === 'n8nReady') {
+			ready.value = true;
+		} else if (json.command === 'openNDV') {
+			nodeViewDetailsOpened.value = true;
+		} else if (json.command === 'closeNDV') {
+			nodeViewDetailsOpened.value = false;
+		} else if (json.command === 'error') {
+			emit('close');
 		}
+	} catch (e) {
+		console.error(e);
 	}
 };
 const onDocumentScroll = () => {
--- a/packages/editor-ui/src/components/tests/WorkflowPreview.test.ts
+++ b/packages/editor-ui/src/components/tests/WorkflowPreview.test.ts
@ -247,4 +247,18 @@ describe('WorkflowPreview', () => {
 			expect(emitted()).toEqual({});
 		});
 	});
+
+	it('should not do anything if no "command" is sent in the message and the `includes` method cannot be applied to the data', async () => {
+		const { emitted } = renderComponent({
+			pinia,
+			props: {},
+		});
+
+		window.postMessage(null, '*');
+
+		await waitFor(() => {
+			expect(console.error).not.toHaveBeenCalled();
+			expect(emitted()).toEqual({});
+		});
+	});
 });
--- a/packages/editor-ui/src/views/NodeView.vue
+++ b/packages/editor-ui/src/views/NodeView.vue
@ -4312,58 +4312,59 @@ export default defineComponent({
 			}
 		},
 		async onPostMessageReceived(message: MessageEvent) {
-			if (message?.data?.includes('"command"')) {
-				try {
-					const json = JSON.parse(message.data);
-					if (json && json.command === 'openWorkflow') {
-						try {
-							await this.importWorkflowExact(json);
-							this.isExecutionPreview = false;
-						} catch (e) {
-							if (window.top) {
-								window.top.postMessage(
-									JSON.stringify({
-										command: 'error',
-										message: this.$locale.baseText('openWorkflow.workflowImportError'),
-									}),
-									'*',
-								);
-							}
-							this.showMessage({
-								title: this.$locale.baseText('openWorkflow.workflowImportError'),
-								message: (e as Error).message,
-								type: 'error',
-							});
-						}
-					} else if (json && json.command === 'openExecution') {
-						try {
-							// If this NodeView is used in preview mode (in iframe) it will not have access to the main app store
-							// so everything it needs has to be sent using post messages and passed down to child components
-							this.isProductionExecutionPreview = json.executionMode !== 'manual';
-
-							await this.openExecution(json.executionId);
-							this.isExecutionPreview = true;
-						} catch (e) {
-							if (window.top) {
-								window.top.postMessage(
-									JSON.stringify({
-										command: 'error',
-										message: this.$locale.baseText('nodeView.showError.openExecution.title'),
-									}),
-									'*',
-								);
-							}
-							this.showMessage({
-								title: this.$locale.baseText('nodeView.showError.openExecution.title'),
-								message: (e as Error).message,
-								type: 'error',
-							});
-						}
-					} else if (json?.command === 'setActiveExecution') {
-						this.workflowsStore.activeWorkflowExecution = json.execution;
-					}
-				} catch (e) {}
+			if (!message?.data?.includes?.('"command"')) {
+				return;
 			}
+			try {
+				const json = JSON.parse(message.data);
+				if (json && json.command === 'openWorkflow') {
+					try {
+						await this.importWorkflowExact(json);
+						this.isExecutionPreview = false;
+					} catch (e) {
+						if (window.top) {
+							window.top.postMessage(
+								JSON.stringify({
+									command: 'error',
+									message: this.$locale.baseText('openWorkflow.workflowImportError'),
+								}),
+								'*',
+							);
+						}
+						this.showMessage({
+							title: this.$locale.baseText('openWorkflow.workflowImportError'),
+							message: (e as Error).message,
+							type: 'error',
+						});
+					}
+				} else if (json && json.command === 'openExecution') {
+					try {
+						// If this NodeView is used in preview mode (in iframe) it will not have access to the main app store
+						// so everything it needs has to be sent using post messages and passed down to child components
+						this.isProductionExecutionPreview = json.executionMode !== 'manual';
+
+						await this.openExecution(json.executionId);
+						this.isExecutionPreview = true;
+					} catch (e) {
+						if (window.top) {
+							window.top.postMessage(
+								JSON.stringify({
+									command: 'error',
+									message: this.$locale.baseText('nodeView.showError.openExecution.title'),
+								}),
+								'*',
+							);
+						}
+						this.showMessage({
+							title: this.$locale.baseText('nodeView.showError.openExecution.title'),
+							message: (e as Error).message,
+							type: 'error',
+						});
+					}
+				} else if (json?.command === 'setActiveExecution') {
+					this.workflowsStore.activeWorkflowExecution = json.execution;
+				}
+			} catch (e) {}
 		},
 		async onImportWorkflowDataEvent(data: IDataObject) {
 			await this.importWorkflowData(data.data as IWorkflowDataUpdate, 'file');