On Fri, 10 Feb 2012, João Eiras wrote:
Step 1 of the spec [1] for postMessage says:
1. If the value of the targetOrigin argument is neither a single U+002A
ASTERISK character (*), a single U+002F SOLIDUS character (/), nor an
absolute URL, then throw a SyntaxError exception and abort the overall
set of steps.
The absolute URL part will create problems when the origin of the
scripting environment does not serialize to an absolute URL.
For instance, if you have two documents A and B in a non http context,
where typically the origin will be null, like file: or data:, and post
a message from A to B, B will receive a message event which event.origin
property has a value of null. If the listener then does
# event.source.postMessage(reply, event.origin)
(which is a code snippet easily found in online tutorials) step 1 causes
that call to fail with a SYNTAX_ERR exception.
Step 1 should be changed to instead of referring to an absolute URI,
refer to a valid origin, as serialized by the origin serialization
algorithm.
If the origin doesn't serialise to an absolute URL, then we don't have a
way to check it (they're all null). So I don't think that works. That's
why it always throws SYNTAX_ERR for null origins.
--
Ian Hickson U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/ U+263A/, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
