[html5] r5277 - [giow] (2) drop support for '/' origins in postMessage(), and require that paths [...]

whatwg at whatwg.org whatwg at whatwg.org
Tue Aug 10 18:11:05 PDT 2010 

Author: ianh
Date: 2010-08-10 18:11:03 -0700 (Tue, 10 Aug 2010)
New Revision: 5277

Modified:
   complete.html
   index
   source
Log:
[giow] (2) drop support for '/' origins in postMessage(), and require that paths be ignored.

Modified: complete.html
===================================================================
--- complete.html	2010-08-10 23:24:17 UTC (rev 5276)
+++ complete.html	2010-08-11 01:11:03 UTC (rev 5277)
@@ -209,7 +209,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG src=/images/logo></a></p>
    <hgroup><h1>Web Applications 1.0</h1>
-    <h2 class="no-num no-toc">Draft Standard — 10 August 2010</h2>
+    <h2 class="no-num no-toc">Draft Standard — 11 August 2010</h2>
    </hgroup><p>You can take part in this work. <a href=http://www.whatwg.org/mailing-list>Join the working group's discussion list.</a></p>
    <p><strong>Web designers!</strong> We have a <a href=http://blog.whatwg.org/faq/>FAQ</a>, a <a href=http://forums.whatwg.org/>forum</a>, and a <a href=http://www.whatwg.org/mailing-list#help>help mailing list</a> for you!</p>
    <!--<p class="impl"><strong>Implementors!</strong> We have a <a href="http://www.whatwg.org/mailing-list#implementors">mailing list</a> for you too!</p>-->
@@ -75894,7 +75894,7 @@
     send the message to the target regardless of origin, set the
     target origin to "<code title="">*</code>". To restrict the
     message to same-origin targets only, without needing to explicitly
-    state the origin, set the target origin to "<code title="">/</code>".</p>
+    state the origin, pass the <code title=dom-location><a href=#dom-location>window.location</a></code> object.</p>
 
     <p>Throws an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> if the <var title="">ports</var> array is not null and it contains either null
     entries or duplicate ports.</p>
@@ -75922,12 +75922,9 @@
   <ol><li>
 
     <p>If the value of the <var title="">targetOrigin</var> argument
-    is neither a single U+002A ASTERISK character (*), a single U+002F
-    SOLIDUS character (/), nor an <a href=#absolute-url>absolute URL</a> with a
-    <code title=url-host-specific><a href=#url-host-specific><host-specific></a></code>
-    component that is either empty or a single U+002F SOLIDUS
-    character (/), then throw a <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception and
-    abort the overall set of steps.</p>
+    is neither a single U+002A ASTERISK character (*) nor an
+    <a href=#absolute-url>absolute URL</a>, then throw a <code><a href=#syntax_err>SYNTAX_ERR</a></code>
+    exception and abort the overall set of steps.</p>
 
    </li>
 
@@ -75976,13 +75973,6 @@
 
    <li>
 
-    <p>If the <var title="">targetOrigin</var> argument is a single
-    literal U+002F SOLIDUS character (/), and the
-    <code><a href=#document>Document</a></code> of the <code><a href=#window>Window</a></code> object on which
-    the method was invoked does not have the <a href=#same-origin>same origin</a>
-    as the <a href=#entry-script>entry script</a>'s <a href="#script's-document" title="script's
-    document">document</a>, then abort these steps silently.</p>
-
     <p>Otherwise, if the <var title="">targetOrigin</var> argument is
     an <a href=#absolute-url>absolute URL</a>, and the <code><a href=#document>Document</a></code> of the
     <code><a href=#window>Window</a></code> object on which the method was invoked does

Modified: index
===================================================================
--- index	2010-08-10 23:24:17 UTC (rev 5276)
+++ index	2010-08-11 01:11:03 UTC (rev 5277)
@@ -213,7 +213,7 @@
 
   <header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG src=/images/logo></a></p>
    <hgroup><h1>HTML5 (including next generation additions still in development)</h1>
-    <h2 class="no-num no-toc">Draft Standard — 10 August 2010</h2>
+    <h2 class="no-num no-toc">Draft Standard — 11 August 2010</h2>
    </hgroup><p>You can take part in this work. <a href=http://www.whatwg.org/mailing-list>Join the working group's discussion list.</a></p>
    <p><strong>Web designers!</strong> We have a <a href=http://blog.whatwg.org/faq/>FAQ</a>, a <a href=http://forums.whatwg.org/>forum</a>, and a <a href=http://www.whatwg.org/mailing-list#help>help mailing list</a> for you!</p>
    <!--<p class="impl"><strong>Implementors!</strong> We have a <a href="http://www.whatwg.org/mailing-list#implementors">mailing list</a> for you too!</p>-->
@@ -69729,7 +69729,7 @@
     send the message to the target regardless of origin, set the
     target origin to "<code title="">*</code>". To restrict the
     message to same-origin targets only, without needing to explicitly
-    state the origin, set the target origin to "<code title="">/</code>".</p>
+    state the origin, pass the <code title=dom-location><a href=#dom-location>window.location</a></code> object.</p>
 
     <p>Throws an <code><a href=#invalid_state_err>INVALID_STATE_ERR</a></code> if the <var title="">ports</var> array is not null and it contains either null
     entries or duplicate ports.</p>
@@ -69757,12 +69757,9 @@
   <ol><li>
 
     <p>If the value of the <var title="">targetOrigin</var> argument
-    is neither a single U+002A ASTERISK character (*), a single U+002F
-    SOLIDUS character (/), nor an <a href=#absolute-url>absolute URL</a> with a
-    <code title=url-host-specific><a href=#url-host-specific><host-specific></a></code>
-    component that is either empty or a single U+002F SOLIDUS
-    character (/), then throw a <code><a href=#syntax_err>SYNTAX_ERR</a></code> exception and
-    abort the overall set of steps.</p>
+    is neither a single U+002A ASTERISK character (*) nor an
+    <a href=#absolute-url>absolute URL</a>, then throw a <code><a href=#syntax_err>SYNTAX_ERR</a></code>
+    exception and abort the overall set of steps.</p>
 
    </li>
 
@@ -69811,13 +69808,6 @@
 
    <li>
 
-    <p>If the <var title="">targetOrigin</var> argument is a single
-    literal U+002F SOLIDUS character (/), and the
-    <code><a href=#document>Document</a></code> of the <code><a href=#window>Window</a></code> object on which
-    the method was invoked does not have the <a href=#same-origin>same origin</a>
-    as the <a href=#entry-script>entry script</a>'s <a href="#script's-document" title="script's
-    document">document</a>, then abort these steps silently.</p>
-
     <p>Otherwise, if the <var title="">targetOrigin</var> argument is
     an <a href=#absolute-url>absolute URL</a>, and the <code><a href=#document>Document</a></code> of the
     <code><a href=#window>Window</a></code> object on which the method was invoked does

Modified: source
===================================================================
--- source	2010-08-10 23:24:17 UTC (rev 5276)
+++ source	2010-08-11 01:11:03 UTC (rev 5277)
@@ -85452,8 +85452,8 @@
     send the message to the target regardless of origin, set the
     target origin to "<code title="">*</code>". To restrict the
     message to same-origin targets only, without needing to explicitly
-    state the origin, set the target origin to "<code
-    title="">/</code>".</p>
+    state the origin, pass the <code
+    title="dom-location">window.location</code> object.</p>
 
     <p>Throws an <code>INVALID_STATE_ERR</code> if the <var
     title="">ports</var> array is not null and it contains either null
@@ -85489,12 +85489,9 @@
    <li>
 
     <p>If the value of the <var title="">targetOrigin</var> argument
-    is neither a single U+002A ASTERISK character (*), a single U+002F
-    SOLIDUS character (/), nor an <span>absolute URL</span> with a
-    <code title="url-host-specific"><host-specific></code>
-    component that is either empty or a single U+002F SOLIDUS
-    character (/), then throw a <code>SYNTAX_ERR</code> exception and
-    abort the overall set of steps.</p>
+    is neither a single U+002A ASTERISK character (*) nor an
+    <span>absolute URL</span>, then throw a <code>SYNTAX_ERR</code>
+    exception and abort the overall set of steps.</p>
 
    </li>
 
@@ -85547,13 +85544,6 @@
 
    <li>
 
-    <p>If the <var title="">targetOrigin</var> argument is a single
-    literal U+002F SOLIDUS character (/), and the
-    <code>Document</code> of the <code>Window</code> object on which
-    the method was invoked does not have the <span>same origin</span>
-    as the <span>entry script</span>'s <span title="script's
-    document">document</span>, then abort these steps silently.</p>
-
     <p>Otherwise, if the <var title="">targetOrigin</var> argument is
     an <span>absolute URL</span>, and the <code>Document</code> of the
     <code>Window</code> object on which the method was invoked does

More information about the Commit-Watchers mailing list