Closed
Bug 417075
Opened 16 years ago
Closed 16 years ago
Update postMessage and MessageEvent to reflect domain/uri being replaced by origin, optional origin argument
Categories
(Core :: DOM: Core & HTML, defect, P2)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla1.9beta4
People
(Reporter: Waldo, Assigned: Waldo)
References
()
Details
(Keywords: dev-doc-complete)
Attachments
(1 file, 1 obsolete file)
74.43 KB,
patch
|
sicking
:
review+
sicking
:
superreview+
beltzner
:
approval1.9+
|
Details | Diff | Splinter Review |
origin/uri properties were removed from MessageEvent because uri communicates username/password and domain doesn't include a port, which is insufficient for shared-host situations where different ports are controlled by different entities. This change is fairly simple; I almost have a working patch, and most of the changes are to tests.
Comment 1•16 years ago
|
||
The postMessage API now also takes an optional "origin" parameter to protect the confidentiality of messages: http://html5.org/tools/web-apps-tracker?from=1216&to=1217
Assignee | ||
Comment 2•16 years ago
|
||
Apologies about the patch size; this basically required me to make changes to every test using postMessage.
Attachment #302961 -
Flags: superreview?(jonas)
Attachment #302961 -
Flags: review?(jonas)
Assignee | ||
Comment 3•16 years ago
|
||
Comment on attachment 302961 [details] [diff] [review] Patch Blah, there are intricate steps in the spec now, and I haven't checked whether we exactly follow them or not yet.
Attachment #302961 -
Flags: superreview?(jonas)
Attachment #302961 -
Flags: review?(jonas)
Assignee | ||
Updated•16 years ago
|
Summary: Update postMessage and MessageEvent to reflect domain/uri being replaced by origin → Update postMessage and MessageEvent to reflect domain/uri being replaced by origin, optional origin argument
Assignee | ||
Comment 4•16 years ago
|
||
So step 2 can basically be summarized as: if a non-null origin is given, throw a syntax error if it's not a valid URI, and otherwise if that URI's scheme, host, and port don't match those of the target document return silently. (There's some differences with respect to data: URLs and how they have a globally unique identifier as an origin, but I can't quite see us changing that at this stage in the release cycle.) The todos in that test are basically either NS_NewURI accepting non-URI input or our nsStandardURL-based IDN spoofing solution affecting the computed value of an origin with respect to punycoding (bug 414090). If there's a stricter URI-creation function than NS_NewURI, I'd love to know about it; see the list of tests in test_postMessage_origin.xhtml whose {...} object literals contain an empty line. The current set of non-IDN failure messages is: todo - should throw on test #4 - "http: //" todo - should throw on test #6 - " http://localhost:8888" todo - should throw on test #9 - "http: //localhost:8888" todo - should throw on test #11 - "http:// localhost:8888" todo - should throw on test #12 - "http://\nlocalhost:8888" todo - should throw on test #13 - "http://localhost:8888\0" todo - should throw on test #14 - "http://localhost:8888\n" I'm not 100% sure that all of these are invalid URIs, so a quick double-check would be nice. This patch relies on the patch in bug 417218 for the tests with the "standardURLBug" property to work correctly. Without that patch, I could add: else if (test.standardURLBug) todo(called, "should have been called for test #" + i); and I believe they'd show up as todos. (I had this briefly in my tree until I created the patch, at which point I removed it to be sure it worked correctly, and I didn't copy the exact code I added.)
Attachment #302961 -
Attachment is obsolete: true
Attachment #303214 -
Flags: superreview?(jst)
Attachment #303214 -
Flags: review?(jonas)
Assignee | ||
Updated•16 years ago
|
Comment 5•16 years ago
|
||
Either this blocks, or we cut postMessage. Given the test backup, we should take it, imho.
Flags: blocking1.9?
Comment on attachment 303214 [details] [diff] [review] Patch, follows spec directions, more tests, tests, tests! >Index: dom/src/base/nsGlobalWindow.cpp >+ if (NS_FAILED(targetOrigin->Clone(getter_AddRefs(targetOrigin))) || This isn't safe on all compilers. The evaluation order between |targetOrigin->| and |getter_AddRefs(targetOrigin)| is undefined. If the latter executes before there will be badness since getter_AddRefs nulls out its argument. Same thing for callerOrigin.
Attachment #303214 -
Flags: superreview?(jst)
Attachment #303214 -
Flags: superreview+
Attachment #303214 -
Flags: review?(jonas)
Attachment #303214 -
Flags: review+
Assignee | ||
Comment 7•16 years ago
|
||
Comment on attachment 303214 [details] [diff] [review] Patch, follows spec directions, more tests, tests, tests! I've changed the two to *URI and then cloned to *Origin locally but don't have the time right now to rebuild and rerun Mochitests; will do so before checkin, but want to get the approval request filed as early as possible.
Attachment #303214 -
Flags: approval1.9?
Updated•16 years ago
|
Flags: blocking1.9? → blocking1.9+
Priority: -- → P2
Comment 8•16 years ago
|
||
Comment on attachment 303214 [details] [diff] [review] Patch, follows spec directions, more tests, tests, tests! a=beltzner for 1.9
Attachment #303214 -
Flags: approval1.9? → approval1.9+
Assignee | ||
Comment 9•16 years ago
|
||
Fixed.
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9beta4
Assignee | ||
Comment 10•16 years ago
|
||
I updated the postMessage article to describe the new syntax.
Keywords: dev-doc-complete
Updated•11 years ago
|
Component: DOM: Mozilla Extensions → DOM
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•