W3C home > Mailing lists > Public > public-html-commits@w3.org > February 2010

html5/postmsg Overview.html,1.10,1.11

From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
Date: Sun, 14 Feb 2010 05:44:07 +0000
To: public-html-commits@w3.org
Message-Id: <E1NgXH5-0002gV-KC@lionel-hutz.w3.org>
Update of /sources/public/html5/postmsg
In directory hutz:/tmp/cvs-serv10305

Modified Files:
	Overview.html 
Log Message:
Change postMessage()'s targetOrigin argument to not actually resolve but to just treat '/' specially. This will mean that targetOrigin can no longer be in the form '//example.com/' and can no longer be the empty string. (whatwg r4720)

Index: Overview.html
===================================================================
RCS file: /sources/public/html5/postmsg/Overview.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- Overview.html	12 Feb 2010 09:50:39 -0000	1.10
+++ Overview.html	14 Feb 2010 05:44:05 -0000	1.11
@@ -281,7 +281,7 @@
    <h1>HTML5 Web Messaging</h1>
    <h2 class="no-num no-toc" id="generatedID"></h2>
 
-   <h2 class="no-num no-toc" id="editor-s-draft-12-february-2010">Editor's Draft 12 February 2010</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-14-february-2010">Editor's Draft 14 February 2010</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/postmsg/">http://www.w3.org/TR/postmsg/</a></dd>
     <dt>Latest Editor's Draft:</dt>
@@ -375,7 +375,7 @@
   specification's progress along the W3C Recommendation
   track.
 
-  This specification is the 12 February 2010 Editor's Draft.
+  This specification is the 14 February 2010 Editor's Draft.
   </p><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- relationship to other work (required) --><p>This specification is part of <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/">a
   larger specification</a> being produced by the <a href="http://www.whatwg.org/">WHATWG</a>, which is available under a
   license that permits reuse of the specification text.</p><!-- UNDER NO CIRCUMSTANCES IS THE FOLLOWING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- UNDER NO CIRCUMSTANCES IS THE PRECEDING PARAGRAPH TO BE REMOVED OR EDITED WITHOUT TALKING TO IAN FIRST --><!-- context and rationale (required) --><!-- (this text is from the RDFa+HTML spec --><p>This specification is an extension to the HTML5 language. All
@@ -599,7 +599,9 @@
     <p>If the origin of the target window doesn't match the given
     origin, the message is discarded, to avoid information leakage. To
     send the message to the target regardless of origin, set the
-    target origin to "<code title="">*</code>".</p>
+    target origin to "<code title="">*</code>". To restrict the
+    message to same-origin targets only, without needing to explicitly
+    state the origin, set the target origin to "<code title="">/</code>".</p>
 
     <p>Throws an <code>INVALID_STATE_ERR</code> if the <var title="">ports</var> array is not null and it contains either null
     entries or duplicate ports.</p>
@@ -615,11 +617,10 @@
   <ol><li>
 
     <p>If the value of the <var title="">targetOrigin</var> argument
-    is not a single U+002A ASTERISK character (*), and <span title="resolve a url">resolving</span> it relative to the
-    <span>entry script</span>'s <span title="script's base URL">base
-    URL</span> either fails or results in a <span>URL</span> with a
+    is neither a single U+002A ASTERISK character (*), a single U+002F
+    SOLIDUS character (/), nor an <span>absolute URL</span> with a
     <code title="url-host-specific">&lt;host-specific&gt;</code>
-    component that is neither empty nor a single U+002F SOLIDUS
+    component that is either empty or a single U+002F SOLIDUS
     character (/), then throw a <code>SYNTAX_ERR</code> exception and
     abort the overall set of steps.</p>
 
@@ -642,12 +643,22 @@
 
    <li>
 
-    <p>If the <var title="">targetOrigin</var> argument has a value
-    other than a single literal U+002A ASTERISK character (*), and
-    the <code>Document</code> of the <code>Window</code> object on
-    which the method was invoked does not have the <span>same
-    origin</span> as <var title="">targetOrigin</var>, then abort
-    these steps silently.</p>
+    <p>If the <var title="">targetOrigin</var> argument is a single
+    literal U+002F SOLIDUS character (/), and the
+    <code>Document</code> of the <code>Window</code> object on which
+    the method was invoked does not have the <span>same origin</span>
+    as the <span>entry script</span>'s <span title="script's browsing
+    context">browsing context</span>, then abort these steps
+    silently.</p>
+
+    <p>Otherwise, if the <var title="">targetOrigin</var> argument is
+    an <span>absolute URL</span>, and the <code>Document</code> of the
+    <code>Window</code> object on which the method was invoked does
+    not have the <span>same origin</span> as <var title="">targetOrigin</var>, then abort these steps silently.</p>
+
+    <p>Otherwise, the <var title="">targetOrigin</var> argument is a
+    single literal U+002A ASTERISK character (*), and no origin check
+    is made.</p>
 
    </li>
 
@@ -686,11 +697,10 @@
   <ol><!-- EXCEPT WHERE NOTED, THESE STEPS ARE IDENTICAL TO THE PREVIOUS SECTION --><!-- one exception is the use of -3 instead of -2 in the xrefs --><li>
 
     <p>If the value of the <var title="">targetOrigin</var> argument
-    is not a single U+002A ASTERISK character (*), and <span title="resolve a url">resolving</span> it relative to the
-    <span>entry script</span>'s <span title="script's base URL">base
-    URL</span> either fails or results in a <span>URL</span> with a
+    is neither a single U+002A ASTERISK character (*), a single U+002F
+    SOLIDUS character (/), nor an <span>absolute URL</span> with a
     <code title="url-host-specific">&lt;host-specific&gt;</code>
-    component that is neither empty nor a single U+002F SOLIDUS
+    component that is either empty or a single U+002F SOLIDUS
     character (/), then throw a <code>SYNTAX_ERR</code> exception and
     abort the overall set of steps.</p>
 
@@ -747,12 +757,22 @@
 
    <li>
 
-    <p>If the <var title="">targetOrigin</var> argument has a value
-    other than a single literal U+002A ASTERISK character (*), and
-    the <code>Document</code> of the <code>Window</code> object on
-    which the method was invoked does not have the <span>same
-    origin</span> as <var title="">targetOrigin</var>, then abort
-    these steps silently.</p>
+    <p>If the <var title="">targetOrigin</var> argument is a single
+    literal U+002F SOLIDUS character (/), and the
+    <code>Document</code> of the <code>Window</code> object on which
+    the method was invoked does not have the <span>same origin</span>
+    as the <span>entry script</span>'s <span title="script's browsing
+    context">browsing context</span>, then abort these steps
+    silently.</p>
+
+    <p>Otherwise, if the <var title="">targetOrigin</var> argument is
+    an <span>absolute URL</span>, and the <code>Document</code> of the
+    <code>Window</code> object on which the method was invoked does
+    not have the <span>same origin</span> as <var title="">targetOrigin</var>, then abort these steps silently.</p>
+
+    <p>Otherwise, the <var title="">targetOrigin</var> argument is a
+    single literal U+002A ASTERISK character (*), and no origin check
+    is made.</p>
 
    </li>
 
Received on Sunday, 14 February 2010 05:44:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 14 February 2010 05:44:09 GMT