- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Mon, 26 Sep 2011 14:48:18 -0400
On 9/26/11 2:09 PM, Tyler Close wrote: > AFAICT, there is no API that the intent handler can > reliably use to determine the correct targetOrigin for this > postMessage invocation. That's correct, though as long as you don't use too much in the way of about:blank or javascript: or data: URIs, passing window.location.href will do the right thing. > I suggest fixing this problem by adding a new > readonly DOMString that contains the correct origin for the > postMessage invocation; perhaps document.origin. I would be somewhat in favor of this. -Boris
Received on Monday, 26 September 2011 11:48:18 UTC