[Webkit-unassigned] [Bug 17331] Change postMessage/MessageEvent to match HTML5 wrt. exposing origin vs. domain/uri

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Apr 20 12:54:43 PDT 2008


------- Comment #37 from collinj-webkit at collinjackson.com  2008-04-20 12:54 PDT -------
Created an attachment (id=20703)
 --> (http://bugs.webkit.org/attachment.cgi?id=20703&action=view)
Updated patch to address aroben's comments

(In reply to comment #36)
> (From update of attachment 20631 [edit])
> r31975 added protocolHostAndPortAreEqual to KURL.h. Should
> we use that instead of adding SecurityOrigin::isSameSchemeHostPort?

What is protocolHostAndPortAreEqual supposed to be used for? Right now it
doesn't seem to be called anywhere. It seems better to have origin-related
security checks be done by the SecurityOrigin class.

> +    // Sender is not allowed to see exceptions other than syntax errors
> +    ExceptionCode ec; 
> +    document()->dispatchEvent(new MessageEvent(message, sourceOrigin, source),
> ec, true);
> Should ec be initialized to 0?

Since it's just a placeholder for a return value that we throw away, I don't
think it needs to be initialized. There are other examples of this pattern in

> +        [DoNotCheckDomainSecurity, Custom] void postMessage(in DOMString
> message, in [Optional] DOMString origin)
> Let's call it targetOrigin here as well.


> +    if (m_port) {
> +      append(result, ":");
> +      append(result, String::number(m_port));
> +    }
> Looks like the indentation got messed up here.


> +        // Okay deleted value because "invalid-protocol" is not a valid
> protocol.
> What makes it invalid?

Only convention. We tightened up the interface to make it hard to construct
nonsense security origins, but SecurityOriginHash wants a nonsense security
origin anyway. The code was relying on a different convention (file URLs don't
have non-zero ports) before, but it's no longer possible to construct that
security origin, so we went with a nonsense scheme instead.

I've changed the comment to the following: 
// Ok deleted value assuming "invalid-protocol" is not a valid protocol

> You should use svn cp when renaming the tests so that the history is preserved
> (maybe  you already did this and it didn't come through in the diff).


I think this patch is ready to land.

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list