Spec: http://www.whatwg.org/specs/web-apps/current-work/multipage/web-messaging.html#posting-messages [[ 9. If the targetOrigin argument is a single literal U+002F SOLIDUS character (/), and the Document of the Window object on which the method was invoked does not have the same origin as the entry script's document, then abort these steps silently. ]] Opera supports this already.
Created attachment 125031 [details] Patch
I thought this was removed from the spec.
Comment on attachment 125031 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=125031&action=review > Source/WebCore/page/DOMWindow.cpp:837 > + target = sourceDocument->securityOrigin(); Do we need to make a cross-thread copy?
CCing some threading experts.
Comment on attachment 125031 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=125031&action=review >> Source/WebCore/page/DOMWindow.cpp:837 >> + target = sourceDocument->securityOrigin(); > > Do we need to make a cross-thread copy? No, because this is DOMWindow::postMessage - it is all single threaded.
Comment on attachment 125031 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=125031&action=review Thanks! > Source/WebCore/page/DOMWindow.cpp:836 > + if (!sourceDocument) > + return; I wonder if we shouldn't just return right away when !sourceDocument. I can understand why you've chosen this path though.
(In reply to comment #6) > (From update of attachment 125031 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=125031&action=review > > Thanks! > > > Source/WebCore/page/DOMWindow.cpp:836 > > + if (!sourceDocument) > > + return; > > I wonder if we shouldn't just return right away when !sourceDocument. I can understand why you've chosen this path though. Yeah, wasn't sure if the syntax error should be reported regardless, but when in doubt i guess it's always better to keep the existing behavior :P. Under what circumstances can there be no document there? (workers?)
> Under what circumstances can there be no document there? (workers?) The situation is very rare. Basically, if the source window is from a frame that has been destroyed (i.e., removed from the DOM). It's possible to construct those scenarios, but we don't usually care all that much about what happens then (as long as we don't crash or cause security problems).
Comment on attachment 125031 [details] Patch Clearing flags on attachment: 125031 Committed r106516: <http://trac.webkit.org/changeset/106516>
All reviewed patches have been landed. Closing bug.