关于html5 postMessage安全问题的疑问?
otherWindow.postMessage(message, targetOrigin, [transfer]);
对于第二个参数,mdn的解释是:
Specifies what the origin of otherWindow must be for the event to be
dispatched, either as the literal string "*" (indicating no
preference) or as a URI. If at the time the event is scheduled to be
dispatched the scheme, hostname, or port of otherWindow's document
does not match that provided in targetOrigin, the event will not be
dispatched; only if all three match will the event be dispatched.
我自己也测试了一下。大概就是说这个参数指定 目标窗口的源(scheme+host+port),如果目标窗口的源不符合要求,就不会被派发message事件。
我不明白做这件事有什么意义?otherwindow.postMessage不是已经指定了目标窗口吗,难道它的src有可能改变?
