- From: Thomas Roessler <tlr@w3.org>
- Date: Wed, 27 May 2009 13:55:07 +0200
- To: public-html@w3.org
Background: http://krijnhoetmer.nl/irc-logs/webapps/20090527 In HTML5, section 8.2.3, point 5, mandates that the origin attribute of a MessageEvent event must be set to the unicode serialization of the origin of the script that invoked postMessage. That implies that an opaque origin is serialized to the string "null" here. As a consequence, when the event is handled, it is *not* possible to set the targetOrigin parameter of a possible response message to a value that would bind it to the original message's sender, if that sender has an opaque origin. Remedy: the origin attribute of an event of type MessageEvent ought to behave like a proper origin, even if it is an opaque one; i.e., be comparable to other opaque origins in the same-origin check, and serialize to "null". Serialization should not occur when the attribute is constructed. Thanks, -- Thomas Roessler, W3C <tlr@w3.org>
Received on Wednesday, 27 May 2009 11:55:17 UTC