Re: [web messaging] Channel Messaging Origins from Ian Hickson on 2011-08-02 (public-html-comments@w3.org from August 2011)

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 2 Aug 2011 19:04:53 +0000 (UTC)
To: public-html-comments@w3.org
Message-ID: <Pine.LNX.4.64.1108021747040.18680@ps20323.dreamhostps.com>

On Mon, 1 Aug 2011, Philippe De Ryck wrote:
> 
> If two browsing contexts X and Y create a messaging channel using ports, 
> no origin guarantees about the sender or receiver of the messages can be 
> given. This is in contrast with the 'Cross-document Messaging' 
> mechanism, where each message has a source and destination origin.

This is intentional. The security model here is a capabilities model, 
where vending a MessagePort inherently grants a right. Exposing an origin 
would actually undermine this, preventing capabilities from being 
furthered to other origins.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 2 August 2011 19:05:21 UTC