[Webkit-unassigned] [Bug 17099] Add Mozilla tests for postMessage, fix bugs they reveal

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 9 15:58:14 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=17099


jwalden+bwo at mit.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                URL|http://lists.whatwg.org/pipe|http://lists.whatwg.org/pipe
                   |rmail/whatwg-               |rmail/whatwg-
                   |whatwg.org/2008-            |whatwg.org/2008-
                   |January/013795.html         |May/014665.html




------- Comment #6 from jwalden+bwo at mit.edu  2008-05-09 15:58 PDT -------
Tests updated to latest spec, a second time since original posts.

Current failures I see, latest source:
- not throwing security exception accessing variable in other window (returning
  undefined, presumably); not inherently postMessage-related
- event.target is document (but target of dispatch is correctly window)
- some funkiness related to a closed-window test, not sure what's up with it
- you choke with a SYNTAX_ERR if targetOrigin is IDN
- you're using the value of document.domain for determining origin -- you
  should use the actual location
- data: URI origins not following HTML5 spec mean a test where a data: URI
  reaches into its parent ends up failing

The fifth is probably most important -- it's a spoofing concern for hosts which
give out subdomains (although at least it isn't a two-way channel unless "*" is
used with the response, rather only subdomain->other).  Fourth is next because
it's not immediately obvious the failure would always be an exception thrown,
and if it's a fail any way it'll be completely silent.  Second depends how
smart code is at recognizing that, excepting listeners set across pages,
.target === window -- I'd bet it'd be fairly rare.  The others are worth fixing
but are either edge-case behavior or behavior that was one way but the spec now
says do something else, so they're not super-duper important right now.


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list