- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 12 Feb 2008 20:03:46 +0000 (UTC)
While going through the feedback for postMessage(), I noticed a couple of security problems that nobody had raised: * message.domain isn't actually enough to verify any security, given that on shared hosts one IP address can map to several hostnames and thus people can end up running servers on different ports that respond to requests from domains they don't own. * message.uri can leak information, e.g. if the user's password is in the query component of the URI. Basically, .domain is too little, and .uri is too much. I've replaced both with .origin, which is intended to return the scheme://hostname/ or scheme://hostname:port/ (when the port is non-standard) of the origin of the source document. It's still vague for data: URIs, etc; I have outstanding feedback on that matter and will address that when I respond to that feedback. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 12 February 2008 12:03:46 UTC