[SHINDIG-416] Implement window.opener-based IE transport ("NIX") in gadgets.rpc - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: None
Component/s: Javascript
Labels:
None

Description

Joey Schorr and I have been developing a technique for high-speed cross-domain message passing in IE6 and IE7 that exploits an odd property: for a given window object, window.opener can be set by any party, but only read by the controlling window.

The message-passing technique is to pass a "channel creation" object from the container, across domain boundaries, to the gadget. The gadget uses this object to establish a bi-directional communication channel used by all subsequent gadgets.rpc calls.

We can't pass a JavaScript object through window.opener, however, because doing so enables access to the passing agent's full window context. Eg. if the container sets window.opener = function()

{ ... }

, then the gadget can access the entire container page with:
var containerWindow = (new window.opener.constructor("return window;"))();

Instead, we pass a VBScript (COM) wrapper through window.opener, since COM objects don't have this property. The gadget passes back such a wrapper as well, ensuring mutually isolated contexts.

Patch forthcoming.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

rpc.js.patch
25/Aug/08 20:12
16 kB
John Hjelmstad

Activity

People

Assignee:: John Hjelmstad

Reporter:: John Hjelmstad

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 02/Jul/08 02:15

Updated:: 21/Oct/08 21:09

Resolved:: 21/Oct/08 21:09

Agile

View on Board

Implement window.opener-based IE transport ("NIX") in gadgets.rpc

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment