Skip to content

Commit b29f9ee

Browse files
domenicdomenic
committed
Use only the incumbent global in postMessage
Previously one of the origin checks was performed with the entry settings object, while the origin and source attributes of the resulting MessageEvent were derived from the incumbent settings object. At least WebKit and Blink appear to use the same global for both, and it makes sense to align the checks on the same global. The difference is only observable in test cases that fiddle with document.domain, as entry and incumbent are always same origin-domain (but, in document.domain cases, not always same origin). Fixes #1542. Helps #1431 but hurts #1430.
1 parent 0c45df8 commit b29f9ee

File tree

1 file changed

+5
-3
lines changed

1 file changed

+5
-3
lines changed

source

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -94253,9 +94253,11 @@ function receiver(e) {
9425394253
<li><p>Let <var>targetRealm</var> be this <code>Window</code> object's <span
9425494254
data-x="concept-global-object-realm">Realm</span>.</p></li>
9425594255

94256-
<li><p>Let <var>entrySettings</var> be the <span>entry settings object</span>.</p></li>
94257-
9425894256
<li><p>Let <var>incumbentSettings</var> be the <span>incumbent settings object</span>.</p></li>
94257+
<!-- This is one of the few cases where incumbent is probably the right choice. Current or
94258+
relevant would mean that the MessageEvent's source property always points to the "calling"
94259+
window, in same-origin cases. See discussion at
94260+
https://github.com/whatwg/html/issues/1542#issuecomment-233502636 -->
9425994261

9426094262
<li><p>Let <var>cloneRecord</var> be <span>StructuredCloneWithTransfer</span>(<var>message</var>,
9426194263
<var>transfer</var>, <var>targetRealm</var>). Rethrow any exceptions.</p></li>
@@ -94274,7 +94276,7 @@ function receiver(e) {
9427494276
<p>If the <var>targetOrigin</var> argument is a single literal U+002F SOLIDUS
9427594277
character (/), and the <code>Document</code> of the <code>Window</code> object on which the
9427694278
method was invoked does not have the <span>same origin</span> as the <span>responsible
94277-
document</span> specified by <var>entrySettings</var>, then abort these steps silently.</p>
94279+
document</span> specified by <var>incumbentSettings</var>, then abort these steps silently.</p>
9427894280

9427994281
<p>Otherwise, if the <var>targetOrigin</var> argument is an <span>absolute URL</span>,
9428094282
and the <code>Document</code> of the <code>Window</code> object on which the method was invoked

0 commit comments

Comments
 (0)