[webkit-reviews] review requested: [Bug 17331] Change postMessage/MessageEvent to match HTML5 wrt. exposing origin vs. domain/uri : [Attachment 19338] Updated patch that addresses aroben's comments
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Feb 24 21:55:24 PST 2008
Collin Jackson <collinj-webkit at collinjackson.com> has asked Sam Weinig
<sam at webkit.org> for review:
Bug 17331: Change postMessage/MessageEvent to match HTML5 wrt. exposing origin
vs. domain/uri
http://bugs.webkit.org/show_bug.cgi?id=17331
Attachment 19338: Updated patch that addresses aroben's comments
http://bugs.webkit.org/attachment.cgi?id=19338&action=edit
------- Additional Comments from Collin Jackson
<collinj-webkit at collinjackson.com>
Generating these strings from the SecurityOrigin class required reorganizing
the SecurityOrigin class to understand the difference between hosts and
domains. There are now three ways to compare security origins:
1) equalIgnoringDomain compares hosts, and is used for postMessage
2) equal compares all aspects of the security origin, and is used for hash keys
3) canAccess understands the semantics of schemes such as file:// and data://
URLs, and should be used for scripting access checks.
We changed SecurityOrigin::toString() and SecurityOrigin::stringIdentifier() to
generate identifiers that are suitable for being used as a MessageEvent's
origin property. In the future, SecurityOrigin::toString() could be used for
the Access-Control-Origin header as well. We're now re-using KURL parser to
parse serialized SecurityOrigins.
I took Darin's suggestion of using append() rather than String::format() in
SecurityOrigin::toString().
More information about the webkit-reviews
mailing list