[whatwg] A few hints on html5 - part 3
Calogero Alex Baldacchino
alex.baldacchino at email.it
Tue Dec 16 09:16:20 PST 2008
About the cross-document messaging
Let's consider the following scenario. A somewhat productivity suite (or
any sort of "web applications collection") is made up of a few different
top-level/auxiliary browsing contexts - let's call each one a "module" -
eventually from different origins, and exploits cross-document
communications to some extent, i.e. to delegate some computations or
some shareable communications with a remote server; each module is
independent and can instantiate the proper auxiliary module(s).
Here we are: as far as the modules are instantiated as auxiliary
browsing contexts of one other module (i.e. through a call to
'window.open()'), communications are easily established, but what if any
module is instantiated by the user as a separate top-level browsing
context, i.e. opening a new tab or window and recalling the module
document from a bookmark? I'd suggest the following:
- a mechanism is established to get access, without any restriction, to
every browsing context for which the user agent can individuate a
non-empty, non-null, non-undefined name attribute, at least with the
capability to let "cross-origin" access to the postMessage() methods.
For instance, the specifications could clearly state that the Window
open() method must return an existing window reference with the
specified name when invoked with an empty string or null as URL
argument, with no security restriction (security restrictions should
apply just to the returned window object properties). When more than one
browsing context share the same name, actual "rules for choosing a
browsing context given a browsing context name" should apply to choose a
first result, without checking if current browsing context is allowed to
navigate that browsing context; it might be helpful to get instead a
list of all browsing contexts with the same name, obtained as follow: a
Window object is created as a pseudo unit of browsing contexts, so that
each browsing context is reachable both by invoking the XXX4() method
and by accessing the frames property; each browsing context is wrapped
in a Window object with 1)accessible postMessage() methods, calling the
wrapped window ones, 2)an accessible parent attribute referring to the
grouping Window object, 3)a self attribute referring to the wrapped
object, accessible if access to the wrapped object is allowed by
security restrictions, 4) access denied, without any exception/error
arising, to any other method/attribute; the first member of the group
(i.e. the object returned by calling XXX4(0) on the grouping Window) is
the wrapper for a Window object determined by the rules for choosing a
browsing context given a browsing context name (i.e. the most recently
opened, or focused, or the most related with the open() method caller
browsing context) and is returned.
- optionally, a few "postMessageToAll()" methods (with about the same
arguments of the postMessage() ones) could be considered to let any
browsing context to communicate, through its own Window interface,
either to any other browsing context (eventually allowing communications
from current browsing context as source, see below), or to every
browsing contexts constrained by the same name (passed as, let's say,
first argument), or to every browsing contexts with the same domain
(specified, let's say, as the second argument).
Let's consider another scenario. A site (perhaps a blog) embeds content
from a forum (or any social network), and uses script code to connect to
the remote server and keep it's content up to date, but also to notify
the user about any changes in other contents the remote server holds as
subscribed (this scenario can be extended to mail notifications in the
previous example of a productivity suite, or to a groupware). When the
user navigates other documents from the site in different browsing
contexts, each one is aware of the others (perhaps establishing a
connection through a call to postMessageToAll, or by getting a reference
by name); to avoid increasing the number of connections per server, any
successive document navigated as a standalone browsing context (after
the first or after a certain number) won't connect to the remote server,
but will communicate with the document having an active remote
connection. That is: the first navigated document maintains a remote
connection and receives notifications as remote events; if it is fully
active, the notifications are shown to the user, otherwise a message is
sent to any other known document capable to handle the notification,
hoping one is fully active; the first document becoming fully active
handles the messages and notifies to the other documents that any
required operation has been performed; when the remote events handling
document(s) are to become no more active (i.e. they unload), a message
is sent to the remaining documents so they can decide (somehow) who's
the next "dispatcher".
The above could be realized with a few eventsource elements in the
documents, each one with a proper list of event sources and one or more
MessageEvent listeners on the corresponding Window object, which could
"manually" handle the switching operations (i.e. calling the appropriate
element's addEventSource()/removeEventSource() and creating the
appropriate event to dispatch to the eventsource listeners from the
received messages); however, most of the work could be automated in the
following manner:
- let the MessageEvent instances hold one attribute for the remote event
URL and one for the remote event type;
- let's provide appropriate methods to set those attributes and to post
a message constrained this way (a pair of initMessageEvent and
postMessageEvent variant should be enough);
- let the RemoteEventTarget list of event sources hold, for each source,
an attribute (to be set when adding a source and optionally referred to
on removal) identifying one of three state: remote-only, for exclusively
remote messaging; local-only, for cross-document messaging (mainly
thought for Window objects, optionally for other elements); both-sides
to handle a scenario like the above described one; a proper attribute
could be thought for eventsource elements, such to be coupled with the
src attribute;
- let Window objects have a default action for message events,
inspecting the event for remote url and event type and, if found,
forwarding the event - with proper modification, or creating a new
appropriate event - to each RemoteEventTarget waiting for that remote
source, with a "both" state, present in the active document; optionally
a non remote cross-document message could be considered to be dispatched
to the active document RemoteEventTargets waiting for cross-document
messages (see below);
- optionally, for security aim, it could be established that before
accepting a remote event dispatched as a cross-document event, a
connection is made to the remote source to get a session id as the first
streamed event data, which must match the cross-document message data
(the remote events originating server should be capable to identify the
user instantiating the communication through different
documents/browsing-contexts, i.e. by the mean of a log-in procedure,
session-ids, cookies, or a combination of those methods, and so generate
and send the same "session-communication-id");
Listing an expected source of cross-document events as a remote source
(that is taking advantage of the RemoteEventTarget interface), specially
on Window objects, could be helpful to improve cross-document security,
since posting a message would fail not only if the recipient origin does
not match the message targetOrigin, but also if the message origin is
not registered as a valid source; anyway, the possibility to get
messages from any other Window should be preserved availing the
registration of the string "*" (this should be the default value of a
default source if no source is registered, with a state of "both"; when
the first source is registered the default source is removed; if the "*"
string is added to a list comprehending valid absolute URLs, the state
should discriminate the acceptance of a message - i.e. a simple
cross-document message is accepted from any source while a
cross-document message "enveloping" a remote event is accepted from just
one source, and dispatched if an eventsource is waiting from messages
from such source).
Furthermore, the EventListener interface could be derived to give the
opportunity to list all sources a listener is able to handle, as tuples
consisting of: 1)the expected target origin (either the listener owner
document origin, or "*"), 2)the expected source origin (the event origin
attribute), 3) the expected remote source origin (for remote events
dispatched as cross-document messages), 4)the accepted state; all 4
components of the tuple could be optional (but not missing: null or the
empty string should be valid values), but at least one of the first
three should not be neither null nor the empty string, otherwise the
whole tuple should be ignored (and discarded from the list); if the
state component is not expressed, it should default to the value of
"both" (this being either a string or a numerical value, accessible as a
constant: to be defined); if no tuple is listed, a default tuple is
created with the components: ("*","*","*",<both_value>); the tuple
("","","http://example.server.src",<remote_only_value>) should accept
events just from the indicated remote server, while the tuple
("","","http://example.server.src",<both_value>) should be treated as if
the first two components were equals to "*", meaning any remote event
originating at "http://example.server.src" can be accepted as a
cross-document re-dispatched one, and the tuple
("","","http://example.server.src",<local_only_value>) should be illegal
(as if the 3rd component where "" or null); if the state component is
"remote-only" the first two components, if expressed, should be ignored
(or the second be legal only if matching the third, since we are dealing
with remote events accepted just from the remote server), if it is
"local-only" the 3rd component should be ignored (and deemed as
mistaken, but without entering an error state, since the user agent
should never dispatch cross-document re-dispatched remote events to a
listener waiting for "local-only" cross-document messages, despite the
remote component of the tuple â that is, the third one â otherwise that
should be deemed as illegal), while if it is "both" the 3rd component,
if not expressed should be defaulted to the string "*".
The tuples list on a message listener should simplify the URLs checking
inside the listener (which could be thought to make the same operations
consistently in different contexts, so no checking could be needed at
all), and thus improving the overall security. In such an environment a
cross-document message is delivered if and only if: a) the target origin
matches the document domain or is the "*" string, and b) the message
origin is listed as remote source for the Window object (or is expressly
allowed by the "*" string), and c) a listener is actually waiting a
message of that type from that source and with the corresponding
connection state (either "local-only" or "both"); a remote (streamed)
event is delivered if: a) the event source is registered to a
RemoteEventTarget, and b) a listener on such RemoteEventTarget is
actually waiting for an event of that type from the same source. This
should also enable a precise listener selection.
Allowing a RemoteEventTarget inside a document to list a source as
"local-only" and receive messages from other documents instead of remote
servers (through out a default action defined for Window objects
receiving messages, which could not handle it directly) could be an
alternative (and to some extent a redundant) way to allow cross-document
messaging at a Document level instead of a browsing context level, maybe
suitable for some scenarios (or maybe just desirable, as far as a
certain grade of redundancy in an API might be desirable). A
"originForResponse" and a "sourceForResponse" attributes could be
considered, for the MessageEvent interface, in order to allow a certain
capability of syndication and communications distribution and switching
among collaborating documents (i.e. the listener checks for those
attributes and answers in a manner such as:
'event.sourceForResponce.postMessage(message_str,
event.originForResponse)' â the postMessage methods should accept two
arguments to set those attributes). If a post method were provided to
allow communications from a single source to any existing browsing
context (i.e. "postMessageToAll()"), the "targetOrigin" argument should
be absent and it should be clearly stated in the specs that such a
method must call the proper post method on each existing browsing
context, passing the proper URL as the targetOrigin argument.
Regards, Alex
--
Caselle da 1GB, trasmetti allegati fino a 3GB e in piu' IMAP, POP3 e SMTP autenticato? GRATIS solo con Email.it http://www.email.it/f
Sponsor:
CheBanca! La prima banca che ti dà gli interessi in anticipo.
* Fino al 4,70% sul Conto Deposito, zero spese e interessi subito. Aprilo!
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=8435&d=16-12
More information about the whatwg
mailing list