Bug 42170 - postMessage() second argument should not accept full URL
Summary: postMessage() second argument should not accept full URL
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL: javascript:var url="http://www.examp...
Keywords:
Depends on:
Blocks:
 
Reported: 2010-07-13 09:19 PDT by Anne van Kesteren
Modified: 2010-08-10 22:41 PDT (History)
4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Anne van Kesteren 2010-07-13 09:19:51 PDT 
Per HTML5 http://www.whatwg.org/specs/web-apps/current-work/complete/web-messaging.html#dom-window-postmessage postMessage() should throw if targetOrigin contains a path component.
Comment 1 Anne van Kesteren 2010-07-13 09:23:39 PDT 
See also: https://bugzilla.mozilla.org/show_bug.cgi?id=578380
Comment 2 Alexey Proskuryakov 2010-07-13 09:45:43 PDT 
Anne, do you know if there is a good reason for this requirement? Ignoring unnecessary components seems cleaner in general.
Comment 3 Anne van Kesteren 2010-07-13 09:54:47 PDT 
Authors might otherwise mistakenly believe they get more protection than they actually do. To me it seems cleaner to reject everything that is not an origin.
Comment 4 Alexey Proskuryakov 2010-07-13 10:14:08 PDT 
In general, we strongly dislike raising exceptions where they weren't raised before, since that tends to transform minor/potential mistakes into serious breakage of functionality on existing pages.
Comment 5 Ian 'Hixie' Hickson 2010-08-10 18:11:28 PDT 
The spec has changed.
Comment 6 Alexey Proskuryakov 2010-08-10 22:41:58 PDT 
Thanks. This seems invalid per the new spec.