HTML5 Web Messaging
- 16. Same Origin Policy
Port
Protocol
Host
*note this is a simplification.
see http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
- 22. Ways we cope
• window.name
• document.domain
• JSONP
• <iframe> hell
• proxies
- 25. interface MessageEvent : Event {
readonly attribute any data;
readonly attribute DOMString origin;
readonly attribute DOMString lastEventId;
readonly attribute WindowProxy source;
readonly attribute MessagePortArray ports;
void initMessageEvent(blah,blah,blah x 16);
};
- 41. window.frames[0]
var a = "yay!";
window.addEventListener('message', function(event){
event.source.postMessage(window[event.data], '*');
}, false);
- 45. window.frames[0]
var a = "yay!";
window.addEventListener('message', function(event){
if (event.origin === 'http://omgponies.com'){
event.source.postMessage(window[event.data], '*');
}
}, false);
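The slide-45 listener checks the sender, but it still lets that sender read any global through `window[event.data]` and replies with a `'*'` target origin. A hardened variant follows as an added example (not from the original slides); the names `ALLOWED_ORIGINS`, `EXPOSED` and `handleMessage` are assumptions for illustration:

```javascript
// Added example: hardened form of the slide-45 listener.
// ALLOWED_ORIGINS, EXPOSED and handleMessage are illustrative names.
const ALLOWED_ORIGINS = new Set(['http://omgponies.com']);

// Only these names may be read by a remote frame. Looking values up here
// instead of on window keeps every other global out of reach.
const EXPOSED = Object.freeze({ a: 'yay!' });

// Returns the reply that was sent, or null when the message is dropped.
function handleMessage(event, exposed = EXPOSED) {
  // 1. Exact-match the sender origin; no substring or regex matching.
  if (!ALLOWED_ORIGINS.has(event.origin)) return null;

  // 2. Treat data as untrusted: it must be a string naming an own key,
  //    so inherited names such as "constructor" are rejected too.
  const key = event.data;
  if (typeof key !== 'string') return null;
  if (!Object.prototype.hasOwnProperty.call(exposed, key)) return null;

  // 3. event.source can be null (for example, the sender was closed).
  if (!event.source) return null;

  // 4. Pin the reply to the verified origin instead of '*', so the value
  //    is not delivered if the sender frame has since navigated elsewhere.
  const reply = { key: key, value: exposed[key] };
  event.source.postMessage(reply, event.origin);
  return reply;
}

// Register only in a browser; the function itself is testable anywhere.
if (typeof window !== 'undefined') {
  window.addEventListener('message', handleMessage, false);
}
```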
- 61. [Diagram; labels: popup.html, injected script, options.html, page, background, process]
- 64. [Diagram; labels: postMessage(), injected, background, page, script, process, connect]
- 67. EventSource Events
var f = new EventSource('/awesome/sauce/');
f.addEventListener( 'message', function( e ) {
var stuff = e.data
//etc.
}, false);
- 70. WebSockets Events
var f = new WebSocket('ws://awesome/sauce/');
f.addEventListener( 'message', function( e ) {
var stuff = e.data
//etc.
}, false);