+ );
+
+ /*
+ * Deny calls to init_sec_context where we don't know that the
+ * target has the same hostname as the origin.
+ */
+ if(event.data.method == "gss_init_sec_context" &&
+ typeof(event.data.arguments) != 'undefined' &&
+ gssHostNames[event.data.arguments.target_name] !=
+ document.location.hostname)
+ {
+ console.log("[" + appTag + "] Window message listener received " +
+ "gss_init_sec_context, but the hostname in the " +
+ "target_name could not be found to match the document " +
+ "location hostname.");
+ sendReplyToWebpage({
+ 'method':'gss_init_sec_context',
+ 'return_values': {
+ 'major_status': -2,
+ 'minor_status': -1,
+ 'major_status_message': 'The GSS call cannot be completed',
+ 'minor_status_message': 'init_sec_context requires a target ' +
+ 'that matches your page origin.'
+ },
+ 'cookies': event.data.cookies;
+ });
+ return;
+ }
+
+ /* Add a content script tag, csTag */
+ var csTag = navigator.generateNonce();
+ event.data.cookies.cs_tag = csTag;
+
+ /* Save out the hostname from calls to import_name with an
+ * NT hostbased name
+ */
+ if(event.data.method == 'gss_import_name')
+ {
+ if( typeof(event.data.arguments) != 'undefined' &&
+ ( event.data.arguments.input_name_type ==
+ "{1 2 840 113554 1 2 1 4 }" ||
+ event.data.arguments.input_name_type ==
+ "1.2.840.113554.1.2.1.4" ) )
+ {
+ var hostname = /[^@]*$/.exec(event.data.arguments.input_name)[0];
+ pendingGssHostNames[csTag] = hostname;
+ }
+ }
+