More Related Content Similar to HTML5 Web Messaging (20) HTML5 Web Messaging16. Same Origin Policy
Port
Protocol
Host
*note this is a simplification.
see http://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy
22. Ways we cope
• window.name
• document.domain
• JSONP
• <iframe> hell
• proxies
25. interface MessageEvent : Event {
readonly attribute any data;
readonly attribute DOMString origin;
readonly attribute DOMString lastEventId;
readonly attribute WindowProxy source;
readonly attribute MessagePortArray ports;
void initMessageEvent(blah,blah,blah x 16);
};
41. window.frames[0]
var a = "yay!";
window.addEventListener('message', function(event){
event.source.postMessage(window[event.data], '*');
}, false);
45. window.frames[0]
var a = "yay!";
window.addEventListener('message', function(event){
if (event.origin == ‘http://omgponies.com’){
event.source.postMessage(window[event.data], '*');
}
}, false);
61. popup.html
injected
script
options.html
page background
process
64. postMessage()
injected background
page script
process
connect
67. EventSource Events
var f = new EventSource(‘/awesome/sauce/’);
f.addEventListener( 'message', function( e ) {
var stuff = e.data
//etc.
}, false);
70. WebSockets Events
var f = new WebSocket(‘ws://awesome/sauce/’);
f.addEventListener( 'message', function( e ) {
var stuff = e.data
//etc.
}, false);
Editor's Notes \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n