[whatwg] [Cross-document messaging] Restrictions on targetOrigin
João Eiras
joaoe at opera.com
Fri Feb 10 08:09:03 PST 2012
Hi.
Step 1 of the spec [1] for postMessage says:
"1. If the value of the targetOrigin argument is neither a single U+002A
ASTERISK character (*), a single U+002F SOLIDUS character (/), nor an
absolute URL, then throw a SyntaxError exception and abort the overall set
of steps."
The absolute URL part will create problems when the origin of the
scripting environment does not serialize to an absolute URL.
For instance, if you have two documents A and B in a non http context,
where typically the origin will be "null", like file: or data:, and post a
message from A to B, B will receive a message event which event.origin
property has a value of "null".
If the listener then does
# event.source.postMessage(reply, event.origin)
(which is a code snippet easily found in online tutorials) step 1 causes
that call to fail with a SYNTAX_ERR exception.
Step 1 should be changed to instead of referring to an absolute URI, refer
to a valid origin, as serialized by the origin serialization algorithm.
Thoughts ?
[1]
http://www.whatwg.org/specs/web-apps/current-work/multipage/web-messaging.html#posting-messages
More information about the whatwg
mailing list