SlideShare a Scribd company logo

HTML5 Web Messaging

Download as KEY, PDF
M
Mike Taylor

This document discusses HTML5 web messaging and the same origin policy. It introduces the MessageEvent object used to handle cross-document messaging and describes how to use the postMessage() method and MessageChannel interface to communicate across browsing contexts from different origins securely. Examples are given of using web messaging to extend the browser's capabilities by communicating between injected scripts, pages, and background processes.

Related slideshows

Leave No One Behind with HTML5 - FFWD.PRO, Croatia
Leave No One Behind with HTML5 - FFWD.PRO, CroatiaLeave No One Behind with HTML5 - FFWD.PRO, Croatia
Leave No One Behind with HTML5 - FFWD.PRO, Croatia
 
HTML5, The Open Web, and what it means for you - MDN Hack Day, Sao Paulo
HTML5, The Open Web, and what it means for you - MDN Hack Day, Sao PauloHTML5, The Open Web, and what it means for you - MDN Hack Day, Sao Paulo
HTML5, The Open Web, and what it means for you - MDN Hack Day, Sao Paulo
 
神に近づくx/net/context (Finding God with x/net/context)
神に近づくx/net/context (Finding God with x/net/context)神に近づくx/net/context (Finding God with x/net/context)
神に近づくx/net/context (Finding God with x/net/context)
 
1 of 73
HTML5 Web Messaging @miketaylr
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
The Problem
what if the cats want to communicate with the ads?
var f = frames[0].a;
HTML5 Web Messaging
Same Origin Policy
Same Origin Policy Port Protocol Host *note this is a simplification. see http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
http://www.reddit.com http://www.reddit.com/r/fffffffuuuuuuuuuuuu/
http://www.reddit.com/ http://static.reddit.com/
http://www.reddit.com/ http://static.reddit.com/ document.domain = “reddit.com”
http://www.reddit.com:80/ http://www.reddit.com:9001/
http://www.reddit.com https://www.reddit.com/
Ways we cope • window.name • document.domain • JSONP • <iframe> hell • proxies
HTML5 Web Messaging
The Message Event Object
interface MessageEvent : Event { readonly attribute any data; readonly attribute DOMString origin; readonly attribute DOMString lastEventId; readonly attribute WindowProxy source; readonly attribute MessagePortArray ports; void initMessageEvent(blah,blah,blah x 16); };
event.data
event.origin
event.source this is the browsing context from which the message was sent
event.ports
remember this is the problem, right?
HTML5 Web Messaging
HTML5 Web Messaging
postMessage()
window.postMessage(message, targetOrigin [, ports ])
window.postMessage(‘{rofl: “copter”}’...)
window.postMessage(message, targetOrigin [, ports ])
window.postMessage(‘(ˆ–ˆ)/’, ‘*’)
window.postMessage(‘(ˆ–ˆ)/’, ‘/’)
window.postMessage(‘(ˆ–ˆ)/’, ‘http://miketaylr.com’)
window.top window.addEventListener('DOMContentLoaded', function(){ //var f = frames[0].a; var child = document.getElementsByTagName(‘iframe’)[0]; child.contentWindow.postMessage('a', '*'); }, false);
window.frames[0] var a = "yay!"; window.addEventListener('message', function(event){ event.source.postMessage(window[event.data], '*'); }, false);
window.top window.addEventListener('message', function(event){ alert(event.data); }, false);
HTML5 Web Messaging
window.top window.addEventListener('DOMContentLoaded', function(){ //var f = frames[0].a; var child = document.getElementsByTagName(‘iframe’)[0]; child.contentWindow.postMessage('a', 'http://omgponies.com'); }, false);
window.frames[0] var a = "yay!"; window.addEventListener('message', function(event){ if (event.origin == ‘http://omgponies.com’){ event.source.postMessage(window[event.data], '*'); } }, false);
http://caniuse.com/#search=postMessage
HTML5 Web Messaging
[Constructor] interface MessageChannel { readonly attribute MessagePort port1; readonly attribute MessagePort port2; };
var channel = new MessageChannel()
channel.port1
channel.port2
http://javascript.g.hatena.ne.jp/edvakf/20100109/1263070731
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
Using Messaging to Extend the Browser
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
HTML5 Web Messaging
popup.html injected script options.html page background process
HTML5 Web Messaging
background.js window.opera.extension.addEventListener( 'connect', function( e ){ //Tell the injected script which theme to use e.source.postMessage( {'theme': widget.preferences.theme} ); }, false ); hilite.js opera.extension.addEventListener( 'message', function( e ) { var theme = e.data.theme, hl = new Hilighter( theme, window, document ); hl.init(); }, false);
postMessage() injected background page script process connect
HTML5 Web Messaging
HTML5 Web Messaging
EventSource Events var f = new EventSource(‘/awesome/sauce/’); f.addEventListener( 'message', function( e ) { var stuff = e.data //etc. }, false);
event.lastEventId
HTML5 Web Messaging
WebSockets Events var f = new WebSocket(‘ws://awesome/sauce/’); f.addEventListener( 'message', function( e ) { var stuff = e.data //etc. }, false);
HTML5 Web Messaging
Say Hi email: miket@opera.com tweets: @miketaylr
Obrigado

More Related Content

HTML5 Web Messaging

Editor's Notes

  1. \n
  2. \n
  3. \n
  4. \n
  5. \n
  6. \n
  7. \n
  8. \n
  9. \n
  10. \n
  11. \n
  12. \n
  13. \n
  14. \n
  15. \n
  16. \n
  17. \n
  18. \n
  19. \n
  20. \n
  21. \n
  22. \n
  23. \n
  24. \n
  25. \n
  26. \n
  27. \n
  28. \n
  29. \n
  30. \n
  31. \n
  32. \n
  33. \n
  34. \n
  35. \n
  36. \n
  37. \n
  38. \n
  39. \n
  40. \n
  41. \n
  42. \n
  43. \n
  44. \n
  45. \n
  46. \n
  47. \n
  48. \n
  49. \n
  50. \n
  51. \n
  52. \n
  53. \n
  54. \n
  55. \n
  56. \n
  57. \n
  58. \n
  59. \n
  60. \n
  61. \n
  62. \n
  63. \n
  64. \n
  65. \n
  66. \n
  67. \n
  68. \n
  69. \n
  70. \n
  71. \n
  72. \n