I have an application (Vanilla JS / Weback + Babel) that uses postMessage to communicate between host page and an iframe (different domains).
I have noticed, that on IOS 12 Chrome browser does send an event that lands in my listener on interactions like button click.
Event data looks like that:
{
"type":"org.chromium.contextMenuMessage",
"requestId":"CC0C490584C989ACE524F0ED69F418DD",
"x":245,
"y":399.5
}
What is it? I couldn't find any resource that could explain that behaviour.
Edit: also, the strangest thing about this event is, that it seems to be present on production environment, but not on localhost.
I'm seeing a very similar thing on my app. I'm receiving messages into a cross-domain iframe from Chrome on iOS v12 and Chrome v76.0.3809. The content of the message I'm receiving is different, more in the form of:
{
iv: e8LCrn94cSbycO3i
payload: daPXeVR5GBg2IffLQ/2fuTmVGzJLnM++z2nC+cjR5kGcG1VhIBHni6tIrw94Gg+KvyMUMVNY3mjfJ9jMhT4g8fcnngZkiLirqoUOqMagVY3gaEzYBCb4ZVgtRelv/paccs7hc/rMi+cDr2eCOSzzKQ6fpHU=
target_frame_id: 419b482d9b6c4565f8dd4e2f470a518
type: org.chromium.encryptedMessage
}
I'm not sure what Chrome is using this data for specifically, it's most likely for communicating with add-ons.
The salient point here is that if you're listening for messages in your iframe using something like:
window.addEventListener('message', callback);
then you will receive all messages sent via postMessage and it's up to you to filter them. Any code on the page, including the browser, has the ability to send message events.