Per HTML5 http://www.whatwg.org/specs/web-apps/current-work/complete/web-messaging.html#dom-window-postmessage postMessage() should throw if targetOrigin contains a path component.
See also: https://bugzilla.mozilla.org/show_bug.cgi?id=578380
Anne, do you know if there is a good reason for this requirement? Ignoring unnecessary components seems cleaner in general.
Authors might otherwise mistakenly believe they get more protection than they actually do. To me it seems cleaner to reject everything that is not an origin.
In general, we strongly dislike raising exceptions where they weren't raised before, since that tends to transform minor/potential mistakes into serious breakage of functionality on existing pages.
The spec has changed.
Thanks. This seems invalid per the new spec.