How to serialize Origin (Cross Document Messaging) from Sunava Dutta on 2008-08-18 (public-html-comments@w3.org from August 2008)

From: Sunava Dutta <sunavad@windows.microsoft.com>
Date: Mon, 18 Aug 2008 13:23:18 -0700
To: "public-html-comments@w3.org" <public-html-comments@w3.org>, Ian Hickson <ian@hixie.ch>
CC: IE8 Core AJAX SWAT Team <ieajax@microsoft.com>
Message-ID: <083D18C6B9B71F4CBCA7B76D97B74831136911017B@NA-EXMSG-W601.wingroup.windeploy.ntd>

We came across a possible opportunity to mark the delta between URI and Origins in the HTML 5.0 draft.

IE8 Beta 1 did not remove the trailing slash from e.origin in XDM. For example, e.origin would return https://mysite/.
The URIs 'http://mysite and 'http://mysite/' are equivalent (empty path is same as '/' path when URI scheme uses generic syntax for authority RFC 3986 5.2.4<http://tools.ietf.org/html/rfc3986#section-5.2.4>) and the normal form is 'http://mysite/' which is what we normalized to and returned in IE.  This means, if the e.origin normalized URI is not the same string comparison that the web author is doing (because of syntactical differences like the trailing backslash), a check to validate the sending domain will fail.

It seems that Firefox 3 aligns more close with  HTML 5.0 here, i.e, it does not return a trailing backslash. It's probably worth clarifying that "Origin" as defined by HTML 5.0 is not a URI  and it would be good to have guidelines on how to serialize "Origin" so it can be consistently used inside Javascript. (If it's called out in the spec pardon me)
Nonetheless we want to make it easier for developers and have made the change to return http://mysite in Beta 2, making it consistent with FF3.
Let me know if there are any ideas here.


--
Sunava Dutta
Program Manager (AJAX) - Developer Experience Team, Internet Explorer
One Microsoft Way, Redmond WA 98052
TEL# (425) 705-1418
FAX# (425) 936-7329

Received on Monday, 18 August 2008 20:24:11 UTC