Skip to content

Commit 8259a69

Browse files
domenicdomenic
authored
Use only the incumbent global in postMessage
Previously one of the origin checks was performed with the entry settings object, while the origin and source attributes of the resulting MessageEvent were derived from the incumbent settings object. At least WebKit and Blink appear to use the same global for both, and it makes sense to align the checks on the same global. The difference is only observable in test cases that fiddle with document.domain, as entry and incumbent are always same origin-domain (but, in document.domain cases, not always same origin). Fixes #1542. Helps #1431 but hurts #1430.
1 parent 43c5786 commit 8259a69

File tree

1 file changed

+5
-3
lines changed

1 file changed

+5
-3
lines changed

source

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -94262,9 +94262,11 @@ function receiver(e) {
9426294262
<li><p>Let <var>targetRealm</var> be this <code>Window</code> object's <span
9426394263
data-x="concept-global-object-realm">Realm</span>.</p></li>
9426494264

94265-
<li><p>Let <var>entrySettings</var> be the <span>entry settings object</span>.</p></li>
94266-
9426794265
<li><p>Let <var>incumbentSettings</var> be the <span>incumbent settings object</span>.</p></li>
94266+
<!-- This is one of the few cases where incumbent is probably the right choice. Current or
94267+
relevant would mean that the MessageEvent's source property always points to the "calling"
94268+
window, in same-origin cases. See discussion at
94269+
https://github.com/whatwg/html/issues/1542#issuecomment-233502636 -->
9426894270

9426994271
<li><p>Let <var>cloneRecord</var> be <span>StructuredCloneWithTransfer</span>(<var>message</var>,
9427094272
<var>transfer</var>, <var>targetRealm</var>). Rethrow any exceptions.</p></li>
@@ -94283,7 +94285,7 @@ function receiver(e) {
9428394285
<p>If the <var>targetOrigin</var> argument is a single literal U+002F SOLIDUS
9428494286
character (/), and the <code>Document</code> of the <code>Window</code> object on which the
9428594287
method was invoked does not have the <span>same origin</span> as the <span>responsible
94286-
document</span> specified by <var>entrySettings</var>, then abort these steps silently.</p>
94288+
document</span> specified by <var>incumbentSettings</var>, then abort these steps silently.</p>
9428794289

9428894290
<p>Otherwise, if the <var>targetOrigin</var> argument is an <span>absolute URL</span>,
9428994291
and the <code>Document</code> of the <code>Window</code> object on which the method was invoked

0 commit comments

Comments
 (0)