Skip to content
Permalink
Browse files
[o] (2) Moving the cross-document messaging APIs to Window instead of…
… Document (sorry Opera)

git-svn-id: http://svn.whatwg.org/webapps@989 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed Aug 9, 2007
1 parent 3508432 commit 75d40181a19fa57999e929987f9f6d92de7aee85
Showing with 72 additions and 82 deletions.
  1. +33 −37 index
  2. +39 −45 source
70 index
@@ -22,7 +22,7 @@

<h1 id=html-5>HTML 5</h1>

<h2 class="no-num no-toc" id=working>Working Draft &mdash; 8 August 2007</h2>
<h2 class="no-num no-toc" id=working>Working Draft &mdash; 9 August 2007</h2>

<p>You can take part in this work. <a
href="http://www.whatwg.org/mailing-list">Join the working group's
@@ -2456,8 +2456,6 @@
boolean <a href="#execCommand" title=dom-document-execCommand>execCommand</a>(in DOMString commandId, in boolean doShowUI, in DOMString value);
<a href="#selection1">Selection</a> <a href="#getselection0" title=dom-document-getSelection>getSelection</a>();

// <a href="#cross-document">Cross-document messaging</a>
void <a href="#postmessage" title=dom-document-postMessage>postMessage</a>(in DOMString message);
<!-- XXX we're not done here.
XXX see e.g. http://lxr.mozilla.org/seamonkey/source/dom/public/idl/html/nsIDOMNSHTMLDocument.idl
XXX see e.g. http://trac.webkit.org/projects/webkit/browser/trunk/WebCore/dom/Document.cpp
@@ -2476,16 +2474,7 @@
whenever any of the members of an <code><a
href="#htmldocument">HTMLDocument</a></code> object are accessed by
scripts whose <a href="#origin0">origin</a> is not the same as the
<code>Document</code>'s origin, with the following exceptions:

<ul>
<li>The <code title=dom-document-postMessage><a
href="#postmessage">postMessage()</a></code> method must be allowed to be
called from any script.
</ul>

<p class=big-issue>We may want to just put postMessage on Window instead of
Document, as that reduces the XSS risk.
<code>Document</code>'s origin.

<h4 id=resource><span class=secno>2.1.2. </span><dfn id=resource0>Resource
metadata management</dfn></h4>
@@ -23016,6 +23005,9 @@ XXX selection ranges -->
<a href="#window">Window</a> <a href="#open2" title=dom-open>open</a>(in DOMString url, in DOMString target, in DOMString features);
<a href="#window">Window</a> <a href="#open2" title=dom-open>open</a>(in DOMString url, in DOMString target, in DOMString features, in DOMString replace);

// <a href="#cross-document">cross-document messaging</a>
void <a href="#postmessage" title=dom-window-postMessage>postMessage</a>(in DOMString message);

// <a href="#event3">event handler DOM attributes</a>
attribute <span>EventListener</span> <a href="#onabort" title=handler-onabort>onabort</a>;
attribute <span>EventListener</span> <a href="#onbeforeunload" title=handler-onbeforeunload>onbeforeunload</a>;
@@ -23090,6 +23082,9 @@ XXX selection ranges -->
<ul>
<li>The <code title=dom-location><a href="#location1">location</a></code>
object

<li>The <code title=dom-window-postMessage><a
href="#postmessage">postMessage()</a></code> method
</ul>

<p>User agents must not allow scripts to override the <code
@@ -30727,9 +30722,9 @@ http://developer.apple.com/documentation/AppleApplications/Conceptual/SafariJSPr
readonly attribute DOMString <a href="#data4" title=dom-MessageEvent-data>data</a>;
readonly attribute DOMString <a href="#domain2" title=dom-MessageEvent-domain>domain</a>;
readonly attribute DOMString <a href="#uri" title=dom-MessageEvent-uri>uri</a>;
readonly attribute Document <a href="#source1" title=dom-MessageEvent-source>source</a>;
void <a href="#initmessageevent" title=dom-MessageEvent-initMessageEvent>initMessageEvent</a>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Document documentArg);
void <a href="#initmessageeventns" title=dom-MessageEvent-initMessageEventNS>initMessageEventNS</a>(in DOMString namespaceURI, in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Document documentArg);
readonly attribute <a href="#window">Window</a> <a href="#source1" title=dom-MessageEvent-source>source</a>;
void <a href="#initmessageevent" title=dom-MessageEvent-initMessageEvent>initMessageEvent</a>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Window sourceArg);
void <a href="#initmessageeventns" title=dom-MessageEvent-initMessageEventNS>initMessageEventNS</a>(in DOMString namespaceURI, in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Window sourceArg);
};</pre>

<p>The <dfn id=initmessageevent
@@ -30755,7 +30750,7 @@ http://developer.apple.com/documentation/AppleApplications/Conceptual/SafariJSPr
<p>The <dfn id=source1
title=dom-MessageEvent-source><code>source</code></dfn> attribute
represents, in <a href="#cross-document">cross-document messaging</a>, the
<code>Document</code> from which the message came.
<code><a href="#window">Window</a></code> from which the message came.

<h3 id=server-sent-events><span class=secno>6.2. </span><dfn
id=server-sent>Server-sent DOM events</dfn></h3>
@@ -32182,36 +32177,33 @@ Target: #image1
to communicate with each other regardless of their source domain, in a way
designed to not enable cross-site scripting attacks.

<p class=big-issue>We may want to just put postMessage on Window instead of
Document, as that reduces the XSS risk.

<h4 id=processing1><span class=secno>6.4.1. </span>Processing model</h4>

<p>When a script invokes the <dfn id=postmessage
title=dom-document-postMessage><code>postMessage(<var
title="">message</var>)</code></dfn> method on a <code>Document</code>
object, the user agent must create an event that uses the <code><a
href="#messageevent">MessageEvent</a></code> interface, with the event
name <code title=event-message><a href="#message">message</a></code>,
which bubbles, is cancelable, and has no default action. The <code
title=dom-MessageEvent-data><a href="#data4">data</a></code> attribute
must be set to the value passed as the <var title="">message</var>
argument to the <code title=dom-document-postMessage><a
title=dom-window-postMessage><code>postMessage(<var
title="">message</var>)</code></dfn> method on a <code><a
href="#window">Window</a></code> object, the user agent must create an
event that uses the <code><a href="#messageevent">MessageEvent</a></code>
interface, with the event name <code title=event-message><a
href="#message">message</a></code>, which bubbles, is cancelable, and has
no default action. The <code title=dom-MessageEvent-data><a
href="#data4">data</a></code> attribute must be set to the value passed as
the <var title="">message</var> argument to the <code
title=dom-window-postMessage><a
href="#postmessage">postMessage()</a></code> method, the <code
title=dom-MessageEvent-domain><a href="#domain2">domain</a></code>
attribute must be set to the domain of the document that the script that
invoked the methods is associated with, the <code
title=dom-MessageEvent-uri><a href="#uri">uri</a></code> attribute must be
set to the URI of that document, and the <code
title=dom-MessageEvent-source><a href="#source1">source</a></code>
attribute must be set to the <code>Document</code> object representing
that document.
attribute must be set to the <code><a href="#window">Window</a></code>
object of the default view of the browsing context with which that
document is associated.

<p>The event must then be dispatched at the <code>Document</code> object
itself.</p>
<!-- XXX must ensure that postMessage() is accessible on
cross-domain Document objects but that the dispatchEvent() method is
not. -->
that is the <a href="#active">active document</a> of the <code><a
href="#window">Window</a></code> object on which the method was invoked.

<p class=warning>Authors should check the <code
title=dom-MessageEvent-domain><a href="#domain2">domain</a></code>
@@ -32222,13 +32214,13 @@ Target: #image1
<div class=example>
<p>For example, if document A contains an <code><a
href="#object">object</a></code> element that contains document B, and
script in document A calls <code title=dom-document-postMessage><a
script in document A calls <code title=dom-window-postMessage><a
href="#postmessage">postMessage()</a></code> on document B, then a
message event will be fired on that element, marked as originating from
document A. The script in document A might look like:</p>

<pre>var o = document.getElementsByTagName('object')[0];
o.<span title="">contentDocument</span>.<a href="#postmessage" title=dom-document-postMessage>postMessage</a>('Hello world');
o.<span title=dom-object-contentWindow>contentWindow</span>.<a href="#postmessage" title=dom-window-postMessage>postMessage</a>('Hello world');
</pre>

<p>To register an event handler for incoming events, the script would use
@@ -32252,6 +32244,10 @@ function receiver(e) {
the first place.</p>
</div>

<p class=warning>The integrity of this API is based on the inability for
scripts of one origin to post arbitrary events (using <code
title="">dispatchEvent()</code> or otherwise) to objects in other origins.

<p class=note>Implementors are urged to take extra care in the
implementation of this feature. It allows authors to transmit information
from one domain to another domain, which is normally disallowed for
84 source
@@ -956,8 +956,6 @@
boolean <span title="dom-document-execCommand">execCommand</span>(in DOMString commandId, in boolean doShowUI, in DOMString value);
<span>Selection</span> <span title="dom-document-getSelection">getSelection</span>();

// <span>Cross-document messaging</span>
void <span title="dom-document-postMessage">postMessage</span>(in DOMString message);
<!-- XXX we're not done here.
XXX see e.g. http://lxr.mozilla.org/seamonkey/source/dom/public/idl/html/nsIDOMNSHTMLDocument.idl
XXX see e.g. http://trac.webkit.org/projects/webkit/browser/trunk/WebCore/dom/Document.cpp
@@ -975,17 +973,7 @@
<p>User agents must raise a <span>security exception</span> whenever
any of the members of an <code>HTMLDocument</code> object are
accessed by scripts whose <span>origin</span> is not the same as the
<code>Document</code>'s origin, with the following exceptions:</p>

<ul>

<li>The <code title="dom-document-postMessage">postMessage()</code>
method must be allowed to be called from any script.

</ul>

<p class="big-issue">We may want to just put postMessage on Window
instead of Document, as that reduces the XSS risk.</p>
<code>Document</code>'s origin.</p>



@@ -20629,6 +20617,9 @@ XXX selection ranges -->
<span>Window</span> <span title="dom-open">open</span>(in DOMString url, in DOMString target, in DOMString features);
<span>Window</span> <span title="dom-open">open</span>(in DOMString url, in DOMString target, in DOMString features, in DOMString replace);

// <span>cross-document messaging</span>
void <span title="dom-window-postMessage">postMessage</span>(in DOMString message);

// <span>event handler DOM attributes</span>
attribute <span>EventListener</span> <span title="handler-onabort">onabort</span>;
attribute <span>EventListener</span> <span title="handler-onbeforeunload">onbeforeunload</span>;
@@ -20702,7 +20693,12 @@ XXX selection ranges -->
exceptions:</p>

<ul>

<li>The <code title="dom-location">location</code> object

<li>The <code title="dom-window-postMessage">postMessage()</code>
method

</ul>

<p>User agents must not allow scripts to override the <code
@@ -28136,9 +28132,9 @@ http://developer.apple.com/documentation/AppleApplications/Conceptual/SafariJSPr
readonly attribute DOMString <span title="dom-MessageEvent-data">data</span>;
readonly attribute DOMString <span title="dom-MessageEvent-domain">domain</span>;
readonly attribute DOMString <span title="dom-MessageEvent-uri">uri</span>;
readonly attribute Document <span title="dom-MessageEvent-source">source</span>;
void <span title="dom-MessageEvent-initMessageEvent">initMessageEvent</span>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Document documentArg);
void <span title="dom-MessageEvent-initMessageEventNS">initMessageEventNS</span>(in DOMString namespaceURI, in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Document documentArg);
readonly attribute <span>Window</span> <span title="dom-MessageEvent-source">source</span>;
void <span title="dom-MessageEvent-initMessageEvent">initMessageEvent</span>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Window sourceArg);
void <span title="dom-MessageEvent-initMessageEventNS">initMessageEventNS</span>(in DOMString namespaceURI, in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Window sourceArg);
};</pre>

<p>The <dfn
@@ -28165,7 +28161,7 @@ http://developer.apple.com/documentation/AppleApplications/Conceptual/SafariJSPr
<p>The <dfn
title="dom-MessageEvent-source"><code>source</code></dfn> attribute
represents, in <span>cross-document messaging</span>, the
<code>Document</code> from which the message came.</p>
<code>Window</code> from which the message came.</p>


<h3 id="server-sent-events"><dfn>Server-sent DOM events</dfn></h3>
@@ -29625,37 +29621,30 @@ Target: #image1
domain, in a way designed to not enable cross-site scripting
attacks.</p>

<p class="big-issue">We may want to just put postMessage on Window
instead of Document, as that reduces the XSS risk.</p>

<h4>Processing model</h4>

<p>When a script invokes the <dfn
title="dom-document-postMessage"><code>postMessage(<var
title="">message</var>)</code></dfn> method on a
<code>Document</code> object, the user agent must create an event
that uses the <code>MessageEvent</code> interface, with the event
name <code title="event-message">message</code>, which
bubbles, is cancelable, and has no default action. The <code
title="dom-MessageEvent-data">data</code> attribute must
be set to the value passed as the <var title="">message</var>
argument to the <code
title="dom-document-postMessage">postMessage()</code> method, the
<code title="dom-MessageEvent-domain">domain</code>
attribute must be set to the domain of the document that the script
that invoked the methods is associated with, the <code
title="dom-MessageEvent-uri">uri</code> attribute must
be set to the URI of that document, and the <code
title="dom-MessageEvent-source">source</code> attribute
must be set to the <code>Document</code> object representing that
document.</p>
title="dom-window-postMessage"><code>postMessage(<var
title="">message</var>)</code></dfn> method on a <code>Window</code>
object, the user agent must create an event that uses the
<code>MessageEvent</code> interface, with the event name <code
title="event-message">message</code>, which bubbles, is cancelable,
and has no default action. The <code
title="dom-MessageEvent-data">data</code> attribute must be set to
the value passed as the <var title="">message</var> argument to the
<code title="dom-window-postMessage">postMessage()</code> method,
the <code title="dom-MessageEvent-domain">domain</code> attribute
must be set to the domain of the document that the script that
invoked the methods is associated with, the <code
title="dom-MessageEvent-uri">uri</code> attribute must be set to the
URI of that document, and the <code
title="dom-MessageEvent-source">source</code> attribute must be set
to the <code>Window</code> object of the default view of the
browsing context with which that document is associated.</p>

<p>The event must then be dispatched at the <code>Document</code>
object itself.</p>

<!-- XXX must ensure that postMessage() is accessible on
cross-domain Document objects but that the dispatchEvent() method is
not. -->
object that is the <span>active document</span> of the
<code>Window</code> object on which the method was invoked.</p>

<p class="warning">Authors should check the <code
title="dom-MessageEvent-domain">domain</code> attribute to ensure
@@ -29667,13 +29656,13 @@ Target: #image1

<p>For example, if document A contains an <code>object</code>
element that contains document B, and script in document A calls
<code title="dom-document-postMessage">postMessage()</code> on
<code title="dom-window-postMessage">postMessage()</code> on
document B, then a message event will be fired on that element,
marked as originating from document A. The script in document A
might look like:</p>

<pre>var o = document.getElementsByTagName('object')[0];
o.<span title="">contentDocument</span>.<span title="dom-document-postMessage">postMessage</span>('Hello world');
o.<span title="dom-object-contentWindow">contentWindow</span>.<span title="dom-window-postMessage">postMessage</span>('Hello world');
</pre>

<p>To register an event handler for incoming events, the script
@@ -29698,6 +29687,11 @@ function receiver(e) {

</div>

<p class="warning">The integrity of this API is based on the
inability for scripts of one origin to post arbitrary events (using
<code title="">dispatchEvent()</code> or otherwise) to objects in
other origins.</p>

<p class="note">Implementors are urged to take extra care in the
implementation of this feature. It allows authors to transmit
information from one domain to another domain, which is normally

0 comments on commit 75d4018

Please sign in to comment.