Web Messaging: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 19:39, 30 October 2020 edit Jarble (talk \| contribs) Autopatrolled, Extended confirmed users 149,430 edits tagging a broken link ← Previous edit		Latest revision as of 14:45, 10 May 2024 edit undo Mindmatrix (talk \| contribs) Autopatrolled, Administrators 186,905 edits m Reverted edit by Staunchtechie (talk) to last version by Jarble Tag: Rollback
(10 intermediate revisions by 7 users not shown)
Line 1: {{HTML}} '''Web Messaging''', or '''cross-document messaging''', is an [[API]] introduced in the [[WHATWG]] [[HTML5]] draft specification, allowing documents to communicate with one another across different origins, or source domains<ref name="WHATWG"/> while rendered in a [[web browser]]. Prior to HTML5, web browsers disallowed [[cross-site scripting]], to protect against security attacks. This practice barred communication between non-hostile pages as well, making document interaction of any kind difficult.<ref name="WHATWG"/><ref name="WebKit"/> Cross-document messaging allows scripts to interact across these boundaries, while providing a rudimentary level of security. ==Requirements and attributes== Line 9: * the window which opened the sender document The message <code>event</code> being received has the following attributes: * <code>data</code> -– The data, or actual content, of the incoming message. * <code>origin</code> -– The origin of the sender document. This typically includes the scheme, hostname and port. It does not include the path or fragment identifier.<ref name="WHATWG"/> * <code>source</code> -– the <code>WindowProxy</code> of where the document came from (the source window). <code>postMessage</code> is not a blocking call; messages are processed asynchronously.<ref>{{Cite web\|url=http://www.w3.org/TR/2010/WD-webmessaging-20101118/#web-messaging\|title = HTML5 Web Messaging}}</ref> ==Example== Line 35: window.addEventListener('message', receiver, false); </syntaxhighlight> An [[event listener]] is set up to receive messages from document A. Using the <code>origin</code> property, it then checks that the domain of the sender is the expected domain. Document B then looks at the message, either displaying it to the user, or responding in turn with a message of its own for document A.<ref name="WHATWG"/> ==Security== Line 46: * [[Cross-site scripting]] * [[Cross-site request forgery]] * [[Same -origin policy]] * [[Cross-origin resource sharing]] * [[JSONP]] Line 54: <ref name="WHATWG">[http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#web-messaging ''Cross-Document Messaging – HTML Draft Standard'']</ref> <ref name="INTRODUCING">Remy, Sharp, ''Messages, Workers, and Sockets'', ''Introducing HTML5'', New Riders, 2011, p. 197-199</ref> <ref name="WebKit">[https://developer.apple.com/library/mac/#documentation/AppleApplications/Conceptual/SafariJSProgTopics/Articles/Cross-documentmessaging.html ''WebKit DOM Programming Topics - Cross Document Messaging'']{{dead link\|date=October 2020}}</ref> <ref name="Security">[http://www.veracode.com/blog/2010/05/html5-security-in-a-nutshell/ ''HTML5 Security in a Nutshell'']</ref> <ref name="canIuse">[http://caniuse.com/x-doc-messaging ''When can I use Cross-Document Messaging?'']</ref> <ref name="SUPPORT">[http://molly.com/html5/html5-0709.html ''A Selection of Supported Features in HTML5'']{{dead link\|date=October 2020}}</ref>}} ==External links== Line 63: * [http://dev.w3.org/html5/postmsg/ HTML5 Web Messaging specification] * {{citation \|url=http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#web-messaging \|title=''Cross-Document Messaging – HTML Draft Standard'' \|publisher=[[Web Hypertext Application Technology Working Group\|WHATWG]]}} * {{citation \|url=https://developer.apple.com/library/mac/#documentation/AppleApplications/Conceptual/SafariJSProgTopics/Articles/Cross-documentmessaging.html \|title=''WebKit DOM Programming Topics - Cross Document Messaging'' \|publisher=Apple Developer Library~~}}{{~~ \|access-date=2013-12-29 \|archive-date=2012-06-09 \|archive-url=https://web.archive.org/web/20120609170929/http://developer.apple.com/library/mac/#documentation/AppleApplications/Conceptual/SafariJSProgTopics/Articles/Cross-documentmessaging.html \|url-status=dead ~~link~~}} * {{citation \|url=http://www.veracode.com/blog/2010/05/html5-security-in-a-nutshell/ \|title=''HTML5 Security in a Nutshell'' \|date=2010-05-17 \|first=Chris \|last=Eng \|publisher=Veracode}} * {{citation \|url=http://caniuse.com/x-doc-messaging \|title=''When can I use Cross-Document Messaging?'' \|publisher=CanIUse}}