[whatwg] Fixed a security problem with postMessage()
Ian Hickson
ian at hixie.ch
Tue Feb 12 12:03:46 PST 2008
While going through the feedback for postMessage(), I noticed a couple of
security problems that nobody had raised:
* message.domain isn't actually enough to verify any security, given that
on shared hosts one IP address can map to several hostnames and thus
people can end up running servers on different ports that respond to
requests from domains they don't own.
* message.uri can leak information, e.g. if the user's password is in the
query component of the URI.
Basically, .domain is too little, and .uri is too much.
I've replaced both with .origin, which is intended to return the
scheme://hostname/ or scheme://hostname:port/ (when the port is
non-standard) of the origin of the source document.
It's still vague for data: URIs, etc.; I have outstanding feedback on that
matter and will address that when I respond to that feedback.
--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /, _.. \ _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
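The check described in the message above, as an added example that is not part of the original post or of the WHATWG spec text. It derives the origin of a document URL the way the message describes (scheme and hostname, plus the port only when it is not the scheme's default), shows why a hostname-only check cannot separate two servers on the same host, shows that credentials in the URL never reach the receiver through the origin, and gates incoming messages on an exact origin comparison. The hostnames app.example, widget.example and attacker.example, the TRUSTED_ORIGINS allowlist and the simulatePostMessage() stand-in for the browser's delivery step are all hypothetical. One detail differs from the 2008 wording: shipping browsers serialize event.origin without a trailing slash, and the example follows that. Runs under Node.js, which provides the WHATWG URL class.

```javascript
// Added example, not code from the original post or from the WHATWG spec.
// Models both sides of window.postMessage(): the browser stamps each event
// with the sender's origin (scheme://host[:port]) and the receiver trusts
// that value alone, never a hostname or URL carried in the payload.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443', 'ws:': '80', 'wss:': '443' };

// Serialize the origin of a document URL: scheme://hostname, plus :port only
// when the port is not the scheme's default. Userinfo, path, query and
// fragment are dropped, so a password in the query cannot leak this way.
// Schemes without a network host (data:, file:, ...) have an opaque origin,
// which event.origin reports as the string 'null'.
function originOf(url) {
  const u = new URL(url);
  if (!(u.protocol in DEFAULT_PORTS)) return 'null';
  // The URL parser already blanks a default port; be explicit anyway.
  const port = u.port && u.port !== DEFAULT_PORTS[u.protocol] ? `:${u.port}` : '';
  return `${u.protocol}//${u.hostname}${port}`;
}

// The weaker check the post rejects (hostname only), kept for contrast.
function hostnameOf(url) {
  return new URL(url).hostname;
}

// Stand-in for the browser (hypothetical, for this example): the sender calls
// frame.postMessage(data, targetOrigin) on a frame whose document is
// targetDocUrl. The message is delivered only if targetOrigin is '*' or
// matches the target document's origin, and the event's .origin is computed
// by the browser from the sender's document, not chosen by the sender.
function simulatePostMessage(senderDocUrl, data, targetOrigin, targetDocUrl) {
  if (targetOrigin !== '*' && originOf(targetDocUrl) !== targetOrigin) {
    return null; // browser drops the message; no event fires in the target
  }
  return { origin: originOf(senderDocUrl), data };
}

// Receiver: exact comparison of event.origin against an allowlist.
// TRUSTED_ORIGINS is an assumption for this example.
const TRUSTED_ORIGINS = new Set(['https://app.example']);

function acceptMessage(event, trusted = TRUSTED_ORIGINS) {
  if (!trusted.has(event.origin)) {
    return { accepted: false, reason: `untrusted origin ${event.origin}` };
  }
  return { accepted: true, data: event.data };
}

// Walk-through over constructed URLs (all hostnames are made up).
function demo() {
  const results = {};
  // 1. Same hostname, different scheme and port: hostnameOf() cannot tell
  //    the legitimate document from a server squatting another port.
  const legit = 'https://app.example/dashboard';
  const squatter = 'http://app.example:8080/evil';
  results.sameHostname = hostnameOf(legit) === hostnameOf(squatter);
  results.sameOrigin = originOf(legit) === originOf(squatter);
  // 2. A URL with credentials in userinfo and query reduces to just the origin.
  results.leakyUri = 'https://alice:hunter2@app.example/login?password=hunter2';
  results.originOnly = originOf(results.leakyUri);
  // 3. Receiver decisions for the two senders.
  const target = 'https://widget.example/embed';
  results.legitAccepted =
    acceptMessage(simulatePostMessage(legit, 'hello', 'https://widget.example', target)).accepted;
  results.squatterAccepted =
    acceptMessage(simulatePostMessage(squatter, 'hello', 'https://widget.example', target)).accepted;
  // 4. Sender-side protection: if the frame has navigated elsewhere, a
  //    specific targetOrigin means the browser never delivers the data.
  results.misdirected =
    simulatePostMessage(legit, 'secret', 'https://widget.example', 'https://attacker.example/');
  return results;
}

console.log(demo());
```

The receiver never parses a URL out of the message body to decide trust; the only input to the decision is the origin the browser attached. The sender gets the mirror-image protection by naming a specific targetOrigin instead of '*', so data is not handed to whatever document currently occupies the frame.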