RESOLVED INVALID Bug 42170
postMessage() second argument should not accept full URL 
https://bugs.webkit.org/show_bug.cgi?id=42170
Summary postMessage() second argument should not accept full URL
Anne van Kesteren
Reported 2010-07-13 09:19:51 PDT
Per HTML5 http://www.whatwg.org/specs/web-apps/current-work/complete/web-messaging.html#dom-window-postmessage postMessage() should throw if targetOrigin contains a path component.
Attachments
Add attachment proposed patch, testcase, etc.
Anne van Kesteren
Comment 1 2010-07-13 09:23:39 PDT
See also: https://bugzilla.mozilla.org/show_bug.cgi?id=578380
Alexey Proskuryakov
Comment 2 2010-07-13 09:45:43 PDT
Anne, do you know if there is a good reason for this requirement? Ignoring unnecessary components seems cleaner in general.
Anne van Kesteren
Comment 3 2010-07-13 09:54:47 PDT
Authors might otherwise mistakenly believe they get more protection than they actually do. To me it seems cleaner to reject everything that is not an origin.
Alexey Proskuryakov
Comment 4 2010-07-13 10:14:08 PDT
In general, we strongly dislike raising exceptions where they weren't raised before, since that tends to transform minor/potential mistakes into serious breakage of functionality on existing pages.
Ian 'Hixie' Hickson
Comment 5 2010-08-10 18:11:28 PDT
The spec has changed.
Alexey Proskuryakov
Comment 6 2010-08-10 22:41:58 PDT
Thanks. This seems invalid per the new spec.
Note You need to log in before you can comment on or make changes to this bug.