Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
None
Description
Joey Schorr and I have been developing a technique for high-speed cross-domain message passing in IE6 and IE7 that exploits an odd property: for a given window object, window.opener can be set by any party, but only read by the controlling window.
The message-passing technique is to pass a "channel creation" object from the container, across domain boundaries, to the gadget. The gadget uses this object to establish a bi-directional communication channel used by all subsequent gadgets.rpc calls.
We can't pass a JavaScript object through window.opener, however, because doing so enables access to the passing agent's full window context. Eg. if the container sets window.opener = function()
{ ... }, then the gadget can access the entire container page with:
var containerWindow = (new window.opener.constructor("return window;"))();
Instead, we pass a VBScript (COM) wrapper through window.opener, since COM objects don't have this property. The gadget passes back such a wrapper as well, ensuring mutually isolated contexts.
Patch forthcoming.