Adam Barth hk9565 at gmail.com
Sat Apr 5 01:43:47 PDT 2008


On Sat, Apr 5, 2008 at 12:38 AM, Peter Kasting <pkasting at google.com> wrote:
> Or, if you like, take the position that the argument should stay optional,
> and if someone for some reason doesn't have to care about security (?!),
> they can avoid passing it.  Although I'm not sure this is a particularly
> great idea :)

If the caller doesn't care who receives the message, it makes sense to
omit the targetOrigin parameter.  For example, if Google Maps were to
implement its map gadget using postMessage, it would be happy to send
messages to and receive messages from any web page.

> Are you sure?  I'm reading the docs in section 4.1.4, and it seems to say
> that this is only true for changes within the unit of related browsing
> contexts.  If it is possible to get a reference to a Window outside this
> group, then your statement is untrue.  But I'm not sure whether that's
> possible.

It is not possible to obtain a JavaScript pointer to a window outside
your unit of related browsing contexts.  In most browsers, it is
possible to script windows outside your unit of related browsing
contexts via window.open("javascript:...", "foo"), but (1) this method
can't pass pointers and (2) HTML 5 does not promise that this will

"...and the user agent determines that the two browsing contexts are
related enough that it is ok if they reach each other ..."
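
The following is an added example, not part of the original message and not browser code: a simplified JavaScript model of the delivery rule discussed above, where an omitted targetOrigin delivers to whatever document the window currently holds. ModelWindow, makeReceiver, runScenario and all the example.* origins are hypothetical names constructed for illustration; the model is synchronous and returns a boolean only so the outcome can be inspected.

```javascript
// Simplified model of the targetOrigin rule discussed in this thread; not browser code.
// ModelWindow and its methods are hypothetical names used only for this example.
class ModelWindow {
  constructor(origin) {
    this.origin = origin;   // origin of the document currently loaded in the window
    this.handlers = [];
  }
  // Navigation replaces the document: new origin, previous handlers are gone.
  navigate(origin) {
    this.origin = origin;
    this.handlers = [];
  }
  onMessage(handler) {
    this.handlers.push(handler);
  }
  // senderOrigin is stamped by the "browser", never chosen by the sender's script.
  postMessage(data, senderOrigin, targetOrigin) {
    // Omitted targetOrigin: deliver to whatever document is loaded right now.
    if (targetOrigin !== undefined && targetOrigin !== this.origin) {
      return false; // dropped: the window no longer holds the intended origin
    }
    for (const h of this.handlers) h({ data, origin: senderOrigin });
    return true;
  }
}

// Receiver side: act only on senders in trustedOrigins (null = accept anyone,
// like the map gadget case in the message above).
function makeReceiver(trustedOrigins, sink) {
  return (event) => {
    if (trustedOrigins !== null && !trustedOrigins.includes(event.origin)) return;
    sink.push(event.data);
  };
}

// Constructed scenario: the sender keeps a reference to a frame that has since
// been navigated to a different site, then posts a sensitive value to it.
function runScenario(targetOrigin) {
  const frame = new ModelWindow('https://partner.example');
  const seenByOther = [];
  frame.navigate('https://other.example');           // frame now shows another site
  frame.onMessage(makeReceiver(null, seenByOther));  // that site accepts any sender
  const delivered = frame.postMessage('session-token', 'https://app.example', targetOrigin);
  return { delivered, seenByOther };
}

console.log(runScenario(undefined));                 // delivered to the new document
console.log(runScenario('https://partner.example')); // dropped
```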


