This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 8490 - Shouldn't postMessage throw SYNTAX_ERR when targetOrigin is a relative URL (e.g. '/')? [sp]
Summary: Shouldn't postMessage throw SYNTAX_ERR when targetOrigin is a relative URL (e...
Status: CLOSED FIXED
Alias: None
Product: HTML WG
Classification: Unclassified
Component: pre-LC1 HTML5 spec (editor: Ian Hickson) (show other bugs)
Version: unspecified
Hardware: Other other
: P3 normal
Target Milestone: LC
Assignee: Ian 'Hixie' Hickson
QA Contact: HTML WG Bugzilla archive list
URL: http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-14 12:48 UTC by contributor
Modified: 2010-10-04 13:58 UTC (History)
5 users (show)

See Also:

Attachments

Description contributor 2009-12-14 12:48:05 UTC 
Section: http://www.whatwg.org/specs/web-apps/current-work/#posting-messages

Comment:
Shouldn't postMessage throw SYNTAX_ERR when targetOrigin is a relative URL
(e.g. '/')?  [sp]

Posted from: 88.131.66.80
Comment 1 Ian 'Hixie' Hickson 2010-01-06 07:57:19 UTC 
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Rejected
Change Description: no spec change
Rationale: It does, except for "/". Allowing "/" is useful in that it allows same-origin scripts to communicate without them having to construct their origin string.

(It probably wouldn't take much to convince me otherwise. If there's a reason to disallow "/" as well, please do reopen the bug.)
Comment 2 Simon Pieters 2010-01-08 15:56:05 UTC 
Ok. It would be useful to have a note about the value "/", though.
Comment 3 Simon Pieters 2010-01-12 06:20:35 UTC 
...and the value "" (which sometimes throws and sometimes not, depending on the document's URL).
Comment 4 Anne 2010-01-31 01:00:00 UTC 
Maybe we should instead make "/" a special value just like "*" is instead of actually resolving anything.

As a side effect that would also enable messages between a top-level data URL that embeds another data URL I think.
Comment 5 Ian 'Hixie' Hickson 2010-02-14 05:43:55 UTC 
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Accepted
Change Description: see diff given below
Rationale: Anne's idea is a good idea.
Comment 6 contributor 2010-02-14 05:44:09 UTC 
Checked in as WHATWG revision r4720.
Check-in comment: Change postMessage()'s targetOrigin argument to not actually resolve but to just treat '/' specially. This will mean that targetOrigin can no longer be in the form '//example.com/' and can no longer be the empty string.
http://html5.org/tools/web-apps-tracker?from=4719&to=4720
Comment 7 Ian 'Hixie' Hickson 2010-08-11 01:12:13 UTC 
The spec has changed in a way that affects the change above. See bug 10211.