
[o] (2) Moving the cross-document messaging APIs to Window instead of Document (sorry Opera)

git-svn-id: http://svn.whatwg.org/webapps@989 340c8d12-0b0e-0410-8428-c7bf67bfef74
1 parent 3508432 commit 75d40181a19fa57999e929987f9f6d92de7aee85 @Hixie Hixie committed Aug 9, 2007
Showing with 72 additions and 82 deletions.
  1. +33 −37 index
  2. +39 −45 source
index
@@ -22,7 +22,7 @@
<h1 id=html-5>HTML 5</h1>
- <h2 class="no-num no-toc" id=working>Working Draft &mdash; 8 August 2007</h2>
+ <h2 class="no-num no-toc" id=working>Working Draft &mdash; 9 August 2007</h2>
<p>You can take part in this work. <a
href="http://www.whatwg.org/mailing-list">Join the working group's
@@ -2456,8 +2456,6 @@
boolean <a href="#execCommand" title=dom-document-execCommand>execCommand</a>(in DOMString commandId, in boolean doShowUI, in DOMString value);
<a href="#selection1">Selection</a> <a href="#getselection0" title=dom-document-getSelection>getSelection</a>();
- // <a href="#cross-document">Cross-document messaging</a>
- void <a href="#postmessage" title=dom-document-postMessage>postMessage</a>(in DOMString message);
<!-- XXX we're not done here.
XXX see e.g. http://lxr.mozilla.org/seamonkey/source/dom/public/idl/html/nsIDOMNSHTMLDocument.idl
XXX see e.g. http://trac.webkit.org/projects/webkit/browser/trunk/WebCore/dom/Document.cpp
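Review bot: removing `postMessage` from the HTMLDocument IDL also retires the `title=dom-document-postMessage` anchor, so every remaining `dom-document-postMessage` reference has to move to `dom-window-postMessage` or it becomes a dangling cross-reference in the generated output. The later hunks in this commit update the processing model and the example; it is still worth searching both files for any occurrence the diff does not touch.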
@@ -2476,16 +2474,7 @@
whenever any of the members of an <code><a
href="#htmldocument">HTMLDocument</a></code> object are accessed by
scripts whose <a href="#origin0">origin</a> is not the same as the
- <code>Document</code>'s origin, with the following exceptions:
-
- <ul>
- <li>The <code title=dom-document-postMessage><a
- href="#postmessage">postMessage()</a></code> method must be allowed to be
- called from any script.
- </ul>
-
- <p class=big-issue>We may want to just put postMessage on Window instead of
- Document, as that reduces the XSS risk.
+ <code>Document</code>'s origin.
<h4 id=resource><span class=secno>2.1.2. </span><dfn id=resource0>Resource
metadata management</dfn></h4>
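Review bot: dropping the exception list makes the rule unconditional (every cross-origin access to an HTMLDocument member raises a security exception), which is the intended effect of moving the method to Window. The deleted big-issue paragraph is resolved by this commit rather than merely removed, so a short pointer from this section to the Window section's list of cross-origin-accessible members would help readers who were tracking that issue find where postMessage() now lives.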
@@ -23016,6 +23005,9 @@ XXX selection ranges -->
<a href="#window">Window</a> <a href="#open2" title=dom-open>open</a>(in DOMString url, in DOMString target, in DOMString features);
<a href="#window">Window</a> <a href="#open2" title=dom-open>open</a>(in DOMString url, in DOMString target, in DOMString features, in DOMString replace);
+ // <a href="#cross-document">cross-document messaging</a>
+ void <a href="#postmessage" title=dom-window-postMessage>postMessage</a>(in DOMString message);
+
// <a href="#event3">event handler DOM attributes</a>
attribute <span>EventListener</span> <a href="#onabort" title=handler-onabort>onabort</a>;
attribute <span>EventListener</span> <a href="#onbeforeunload" title=handler-onbeforeunload>onbeforeunload</a>;
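Review bot: `postMessage(in DOMString message)` gives the caller no way to state which origin it intends to reach. The receiving side gets `domain` and `uri` on the MessageEvent to check the sender, but the sending side has to trust that the Window it holds still contains the document it expects. Consider whether the signature should carry the intended target origin so the user agent can discard the message when the Window's current document does not match; at minimum the prose should spell out that the check is one-directional.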
@@ -23090,6 +23082,9 @@ XXX selection ranges -->
<ul>
<li>The <code title=dom-location><a href="#location1">location</a></code>
object
+
+ <li>The <code title=dom-window-postMessage><a
+ href="#postmessage">postMessage()</a></code> method
</ul>
<p>User agents must not allow scripts to override the <code
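Review bot: the new list item is what makes postMessage() callable from another origin, but "The postMessage() method" on its own does not say what is permitted. Since the list enumerates what cross-origin scripts may touch on a Window, state that calling the method is allowed while every other member still raises a security exception, and confirm the sentence introducing the list (outside the hunk context) still reads correctly with two items.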
@@ -30727,9 +30722,9 @@ http://developer.apple.com/documentation/AppleApplications/Conceptual/SafariJSPr
readonly attribute DOMString <a href="#data4" title=dom-MessageEvent-data>data</a>;
readonly attribute DOMString <a href="#domain2" title=dom-MessageEvent-domain>domain</a>;
readonly attribute DOMString <a href="#uri" title=dom-MessageEvent-uri>uri</a>;
- readonly attribute Document <a href="#source1" title=dom-MessageEvent-source>source</a>;
- void <a href="#initmessageevent" title=dom-MessageEvent-initMessageEvent>initMessageEvent</a>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Document documentArg);
- void <a href="#initmessageeventns" title=dom-MessageEvent-initMessageEventNS>initMessageEventNS</a>(in DOMString namespaceURI, in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Document documentArg);
+ readonly attribute <a href="#window">Window</a> <a href="#source1" title=dom-MessageEvent-source>source</a>;
+ void <a href="#initmessageevent" title=dom-MessageEvent-initMessageEvent>initMessageEvent</a>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Window sourceArg);
+ void <a href="#initmessageeventns" title=dom-MessageEvent-initMessageEventNS>initMessageEventNS</a>(in DOMString namespaceURI, in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Window sourceArg);
};</pre>
<p>The <dfn id=initmessageevent
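Review bot: `source` changes type to Window and the last parameter of initMessageEvent/initMessageEventNS is renamed from `documentArg` to `sourceArg`, but the hunk stops just before the prose that defines initMessageEvent, so verify that the description of that argument is updated to match the new name and type. Also, the attribute line links `Window` via `<a href="#window">` while the two `in Window sourceArg` parameters are unlinked; the Window IDL hunk above links the type, so be consistent here.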
@@ -30755,7 +30750,7 @@ http://developer.apple.com/documentation/AppleApplications/Conceptual/SafariJSPr
<p>The <dfn id=source1
title=dom-MessageEvent-source><code>source</code></dfn> attribute
represents, in <a href="#cross-document">cross-document messaging</a>, the
- <code>Document</code> from which the message came.
+ <code><a href="#window">Window</a></code> from which the message came.
<h3 id=server-sent-events><span class=secno>6.2. </span><dfn
id=server-sent>Server-sent DOM events</dfn></h3>
@@ -32182,36 +32177,33 @@ Target: #image1
to communicate with each other regardless of their source domain, in a way
designed to not enable cross-site scripting attacks.
- <p class=big-issue>We may want to just put postMessage on Window instead of
- Document, as that reduces the XSS risk.
-
<h4 id=processing1><span class=secno>6.4.1. </span>Processing model</h4>
<p>When a script invokes the <dfn id=postmessage
- title=dom-document-postMessage><code>postMessage(<var
- title="">message</var>)</code></dfn> method on a <code>Document</code>
- object, the user agent must create an event that uses the <code><a
- href="#messageevent">MessageEvent</a></code> interface, with the event
- name <code title=event-message><a href="#message">message</a></code>,
- which bubbles, is cancelable, and has no default action. The <code
- title=dom-MessageEvent-data><a href="#data4">data</a></code> attribute
- must be set to the value passed as the <var title="">message</var>
- argument to the <code title=dom-document-postMessage><a
+ title=dom-window-postMessage><code>postMessage(<var
+ title="">message</var>)</code></dfn> method on a <code><a
+ href="#window">Window</a></code> object, the user agent must create an
+ event that uses the <code><a href="#messageevent">MessageEvent</a></code>
+ interface, with the event name <code title=event-message><a
+ href="#message">message</a></code>, which bubbles, is cancelable, and has
+ no default action. The <code title=dom-MessageEvent-data><a
+ href="#data4">data</a></code> attribute must be set to the value passed as
+ the <var title="">message</var> argument to the <code
+ title=dom-window-postMessage><a
href="#postmessage">postMessage()</a></code> method, the <code
title=dom-MessageEvent-domain><a href="#domain2">domain</a></code>
attribute must be set to the domain of the document that the script that
invoked the methods is associated with, the <code
title=dom-MessageEvent-uri><a href="#uri">uri</a></code> attribute must be
set to the URI of that document, and the <code
title=dom-MessageEvent-source><a href="#source1">source</a></code>
- attribute must be set to the <code>Document</code> object representing
- that document.
+ attribute must be set to the <code><a href="#window">Window</a></code>
+ object of the default view of the browsing context with which that
+ document is associated.
<p>The event must then be dispatched at the <code>Document</code> object
- itself.</p>
- <!-- XXX must ensure that postMessage() is accessible on
- cross-domain Document objects but that the dispatchEvent() method is
- not. -->
+ that is the <a href="#active">active document</a> of the <code><a
+ href="#window">Window</a></code> object on which the method was invoked.
<p class=warning>Authors should check the <code
title=dom-MessageEvent-domain><a href="#domain2">domain</a></code>
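Review bot: the event is now dispatched at whatever is the active document of the target Window at the time of the call, and `source` becomes the sender's Window rather than its Document; both follow from the new model, but the text says nothing about the active document changing between the sender obtaining the Window reference and invoking the method. In that case the receiving origin is not the one the author had in mind, and the receiver-side `domain` check in the warning that follows protects only the receiver, so a sentence making this explicit (or a sender-side check, see the IDL hunk) is needed.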
@@ -32222,13 +32214,13 @@ Target: #image1
<div class=example>
<p>For example, if document A contains an <code><a
href="#object">object</a></code> element that contains document B, and
- script in document A calls <code title=dom-document-postMessage><a
+ script in document A calls <code title=dom-window-postMessage><a
href="#postmessage">postMessage()</a></code> on document B, then a
message event will be fired on that element, marked as originating from
document A. The script in document A might look like:</p>
<pre>var o = document.getElementsByTagName('object')[0];
-o.<span title="">contentDocument</span>.<a href="#postmessage" title=dom-document-postMessage>postMessage</a>('Hello world');
+o.<span title=dom-object-contentWindow>contentWindow</span>.<a href="#postmessage" title=dom-window-postMessage>postMessage</a>('Hello world');
</pre>
<p>To register an event handler for incoming events, the script would use
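Review bot: the unchanged example prose still says the script calls postMessage() "on document B" and that the event "will be fired on that element", while the updated code calls it on `o.contentWindow` and the processing model above dispatches the event at the Window's active document, not at the object element. Reword to "on document B's Window" and "fired at document B" so the example and the processing model agree.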
@@ -32252,6 +32244,10 @@ function receiver(e) {
the first place.</p>
</div>
+ <p class=warning>The integrity of this API is based on the inability for
+ scripts of one origin to post arbitrary events (using <code
+ title="">dispatchEvent()</code> or otherwise) to objects in other origins.
+
<p class=note>Implementors are urged to take extra care in the
implementation of this feature. It allows authors to transmit information
from one domain to another domain, which is normally disallowed for
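Review bot: this replaces the removed `XXX must ensure that postMessage() is accessible on cross-domain Document objects but that the dispatchEvent() method is not` comment with a non-normative `class=warning` paragraph. The removed comment was a to-do for a conformance requirement, and a warning addressed to authors does not bind implementors; either state it as a requirement on user agents (cross-origin scripts must not be able to dispatch events at a Document or Window of another origin) or point at the section where that requirement already lives, otherwise the integrity property the warning describes is not guaranteed by the spec text.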
source
@@ -956,8 +956,6 @@
boolean <span title="dom-document-execCommand">execCommand</span>(in DOMString commandId, in boolean doShowUI, in DOMString value);
<span>Selection</span> <span title="dom-document-getSelection">getSelection</span>();
- // <span>Cross-document messaging</span>
- void <span title="dom-document-postMessage">postMessage</span>(in DOMString message);
<!-- XXX we're not done here.
XXX see e.g. http://lxr.mozilla.org/seamonkey/source/dom/public/idl/html/nsIDOMNSHTMLDocument.idl
XXX see e.g. http://trac.webkit.org/projects/webkit/browser/trunk/WebCore/dom/Document.cpp
@@ -975,17 +973,7 @@
<p>User agents must raise a <span>security exception</span> whenever
any of the members of an <code>HTMLDocument</code> object are
accessed by scripts whose <span>origin</span> is not the same as the
- <code>Document</code>'s origin, with the following exceptions:</p>
-
- <ul>
-
- <li>The <code title="dom-document-postMessage">postMessage()</code>
- method must be allowed to be called from any script.
-
- </ul>
-
- <p class="big-issue">We may want to just put postMessage on Window
- instead of Document, as that reduces the XSS risk.</p>
+ <code>Document</code>'s origin.</p>
@@ -20629,6 +20617,9 @@ XXX selection ranges -->
<span>Window</span> <span title="dom-open">open</span>(in DOMString url, in DOMString target, in DOMString features);
<span>Window</span> <span title="dom-open">open</span>(in DOMString url, in DOMString target, in DOMString features, in DOMString replace);
+ // <span>cross-document messaging</span>
+ void <span title="dom-window-postMessage">postMessage</span>(in DOMString message);
+
// <span>event handler DOM attributes</span>
attribute <span>EventListener</span> <span title="handler-onabort">onabort</span>;
attribute <span>EventListener</span> <span title="handler-onbeforeunload">onbeforeunload</span>;
@@ -20702,7 +20693,12 @@ XXX selection ranges -->
exceptions:</p>
<ul>
+
<li>The <code title="dom-location">location</code> object
+
+ <li>The <code title="dom-window-postMessage">postMessage()</code>
+ method
+
</ul>
<p>User agents must not allow scripts to override the <code
@@ -28136,9 +28132,9 @@ http://developer.apple.com/documentation/AppleApplications/Conceptual/SafariJSPr
readonly attribute DOMString <span title="dom-MessageEvent-data">data</span>;
readonly attribute DOMString <span title="dom-MessageEvent-domain">domain</span>;
readonly attribute DOMString <span title="dom-MessageEvent-uri">uri</span>;
- readonly attribute Document <span title="dom-MessageEvent-source">source</span>;
- void <span title="dom-MessageEvent-initMessageEvent">initMessageEvent</span>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Document documentArg);
- void <span title="dom-MessageEvent-initMessageEventNS">initMessageEventNS</span>(in DOMString namespaceURI, in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Document documentArg);
+ readonly attribute <span>Window</span> <span title="dom-MessageEvent-source">source</span>;
+ void <span title="dom-MessageEvent-initMessageEvent">initMessageEvent</span>(in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Window sourceArg);
+ void <span title="dom-MessageEvent-initMessageEventNS">initMessageEventNS</span>(in DOMString namespaceURI, in DOMString typeArg, in boolean canBubbleArg, in boolean cancelableArg, in DOMString dataArg, in DOMString domainArg, in DOMString uriArg, in Window sourceArg);
};</pre>
<p>The <dfn
@@ -28165,7 +28161,7 @@ http://developer.apple.com/documentation/AppleApplications/Conceptual/SafariJSPr
<p>The <dfn
title="dom-MessageEvent-source"><code>source</code></dfn> attribute
represents, in <span>cross-document messaging</span>, the
- <code>Document</code> from which the message came.</p>
+ <code>Window</code> from which the message came.</p>
<h3 id="server-sent-events"><dfn>Server-sent DOM events</dfn></h3>
@@ -29625,37 +29621,30 @@ Target: #image1
domain, in a way designed to not enable cross-site scripting
attacks.</p>
- <p class="big-issue">We may want to just put postMessage on Window
- instead of Document, as that reduces the XSS risk.</p>
-
<h4>Processing model</h4>
<p>When a script invokes the <dfn
- title="dom-document-postMessage"><code>postMessage(<var
- title="">message</var>)</code></dfn> method on a
- <code>Document</code> object, the user agent must create an event
- that uses the <code>MessageEvent</code> interface, with the event
- name <code title="event-message">message</code>, which
- bubbles, is cancelable, and has no default action. The <code
- title="dom-MessageEvent-data">data</code> attribute must
- be set to the value passed as the <var title="">message</var>
- argument to the <code
- title="dom-document-postMessage">postMessage()</code> method, the
- <code title="dom-MessageEvent-domain">domain</code>
- attribute must be set to the domain of the document that the script
- that invoked the methods is associated with, the <code
- title="dom-MessageEvent-uri">uri</code> attribute must
- be set to the URI of that document, and the <code
- title="dom-MessageEvent-source">source</code> attribute
- must be set to the <code>Document</code> object representing that
- document.</p>
+ title="dom-window-postMessage"><code>postMessage(<var
+ title="">message</var>)</code></dfn> method on a <code>Window</code>
+ object, the user agent must create an event that uses the
+ <code>MessageEvent</code> interface, with the event name <code
+ title="event-message">message</code>, which bubbles, is cancelable,
+ and has no default action. The <code
+ title="dom-MessageEvent-data">data</code> attribute must be set to
+ the value passed as the <var title="">message</var> argument to the
+ <code title="dom-window-postMessage">postMessage()</code> method,
+ the <code title="dom-MessageEvent-domain">domain</code> attribute
+ must be set to the domain of the document that the script that
+ invoked the methods is associated with, the <code
+ title="dom-MessageEvent-uri">uri</code> attribute must be set to the
+ URI of that document, and the <code
+ title="dom-MessageEvent-source">source</code> attribute must be set
+ to the <code>Window</code> object of the default view of the
+ browsing context with which that document is associated.</p>
<p>The event must then be dispatched at the <code>Document</code>
- object itself.</p>
-
- <!-- XXX must ensure that postMessage() is accessible on
- cross-domain Document objects but that the dispatchEvent() method is
- not. -->
+ object that is the <span>active document</span> of the
+ <code>Window</code> object on which the method was invoked.</p>
<p class="warning">Authors should check the <code
title="dom-MessageEvent-domain">domain</code> attribute to ensure
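Review bot: same text as the corresponding index hunk; two wording points apply to this editable file. The unchanged line "the domain of the document that the script that invoked the methods is associated with" should read "invoked the method" (only one method is invoked), and the new definition of `source` relies on "the default view of the browsing context", which is used here without a cross-reference, so check that "default view" is a defined term elsewhere in the spec and link it.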
@@ -29667,13 +29656,13 @@ Target: #image1
<p>For example, if document A contains an <code>object</code>
element that contains document B, and script in document A calls
- <code title="dom-document-postMessage">postMessage()</code> on
+ <code title="dom-window-postMessage">postMessage()</code> on
document B, then a message event will be fired on that element,
marked as originating from document A. The script in document A
might look like:</p>
<pre>var o = document.getElementsByTagName('object')[0];
-o.<span title="">contentDocument</span>.<span title="dom-document-postMessage">postMessage</span>('Hello world');
+o.<span title="dom-object-contentWindow">contentWindow</span>.<span title="dom-window-postMessage">postMessage</span>('Hello world');
</pre>
<p>To register an event handler for incoming events, the script
@@ -29698,6 +29687,11 @@ function receiver(e) {
</div>
+ <p class="warning">The integrity of this API is based on the
+ inability for scripts of one origin to post arbitrary events (using
+ <code title="">dispatchEvent()</code> or otherwise) to objects in
+ other origins.</p>
+
<p class="note">Implementors are urged to take extra care in the
implementation of this feature. It allows authors to transmit
information from one domain to another domain, which is normally
