Fix: worker postmessage targetUrl fixed (#3066)

* fix: worker postmessage targetUrl fixed

* fix: postMessage method updated to have a log and Note

* update: test added

* update: note added to header script

* fix: clean code

---------

Co-authored-by: adil.rakhaliyev <adil.rakhaliyev@devexpress.com>

Author: Bayheck

src/client/sandbox/event/message.ts

@@ -215,6 +215,14 @@ export default class MessageSandbox extends SandboxBase {
     postMessage (contentWindow: Window, args) {
         const targetUrl = args[1] || destLocation.getOriginHeader();
 
+        // NOTE: We do NOT support the postMessage(message, options) overload.
+        // The second argument is expected to be `targetOrigin` (string).
+        // If an options object is provided instead, the call is considered invalid and will be aborted.
+        if (typeof targetUrl !== 'string') {
+            nativeMethods.consoleMeths.log(`testcafe-hammerhead: postMessage called with invalid targetOrigin; aborting call (type: ${typeof targetUrl})`);
+            return null;
+        }
+
         // NOTE: Here, we pass all messages as "no preference" ("*").
         // We do an origin check in "_onWindowMessage" to access the target origin.
         args[1] = '*';

test/client/fixtures/sandbox/event/message-test.js

@@ -35,6 +35,22 @@ asyncTest('should pass "transfer" argument for "postMessage" (GH-1535)', functio
     callMethod(window, 'postMessage', ['test', '*', [channel.port1]]);
 });
 
+asyncTest('should not accept an object as "targetOrigin"', function () {
+    var called = false;
+    var handler = function () {
+        called = true;
+    };
+
+    window.addEventListener('message', handler);
+    callMethod(window, 'postMessage', ['message', { test: 1 }]);
+
+    window.setTimeout(function () {
+        ok(!called, 'message should not be delivered');
+        window.removeEventListener('message', handler);
+        start();
+    }, 100);
+});
+
 asyncTest('onmessage event', function () {
     var count = 0;