On Mon, 16 Jun 2008, Sunava Dutta wrote:
>
> On Tue, 22 Apr 2008, Jeff Walden wrote:
> >
> > Make the targetOrigin argument non-optional. "*" would mean "don't
> > care" while anything else would specify an origin (or result in a
> > syntax error). If this is done, it's no longer possible to have
> > time-of-check/time-of-use issues (in the async case) without the web
> > developer explicitly choosing to do so. This change shouldn't be any
> > more than 5-10 lines, and fixing existing testcases to adjust for this
> > change is straightforward.
>
> I didn’t quite get how the TOC-TOU issue can happen here? Can we
> elaborate.
If you don't have the second argument, then between the time where the
source has checked that the target is the expected target, and the time
the target actually receives the message, the target could change.
For example:
window.onmessage = sendSecretData;
iframe.contentWindow.postMessage('hello');
function sendSecretData(event) {
if (event.origin == "http://example.com") { // TOC
// (at this point, if event.source is in a different thread,
// e.g. a different IE8 tab, then it could be navigated in
// between the if statement above and the following line)
event.source.postMessage("secret: " + secretData); // TOU
} else {
// event.source is not from the expected origin!
}
}
With the two-argument form, this is no longer possible except by
explicitly opting in with the wildcard argument.
HTH,
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 17 June 2008 00:45:08 UTC