When writing a JavaScript library that uses postMessage and the message event, I must be considerate of other JS code that will be
running along side my library. I shouldn't assume I'm the only sender and receiver on a caller provided MessagePort object. This means obviously I should use addEventListener("message" rather than
the onmessage property (see related What if two programs did this?). But considering the actual messages traveling
over the message channel I have the issue of accidentally processing another libraries messages and having another library accidentally process my own message. I have a few options for playing nice
in this regard:
Require a caller provided unique MessagePort
This solves the problem but puts a lot of work on the caller who may not notice nor follow this requirement.
Uniquely mark my messages
To ensure I'm acting upon my own messages and not messages that happen to have similar properties as my own, I place a 'type' property on my postMessage data with a value of a URN unique to me
and my JS library. Usually because its easy I use a UUID URN. There's no way someone will coincidentally produce this same URN. With this I can
be sure I'm not processing someone else's messages. Of course there's no way to modify my postMessage data to prevent another library from accidentally processing my messages as their own. I
can only hope they take similar steps as this and see that my messages are not their own.
Use caller provided MessagePort only to upgrade to new unique MessagePort
I can also make my own unique MessagePort for which only my library will have the end points. This does still require the caller to provide an initial message channel over which I can
communicate my new unique MessagePort which means I still have the problems above. However it clearly reduces the surface area of the problem since I only need once message to communicate the
new MessagePort.
The best solution is likely all of the above.
Photo is Sharing by leezie5. Two squirrels sharing food hanging from a bird
feeder. Used under Creative Commons license Attribution-NonCommercial-NoDerivs 2.0 Generic.
“Both men bought tickets that gave them unlimited first-class travel for life on American Airlines. “
“He was airborne almost every other day. If a friend mentioned a new exhibit at the Louvre, Rothstein thought nothing of jetting from his Chicago home to San Francisco to pick her up and then fly
to Paris together.”
“She pulled years of flight records for Rothstein and Vroom and calculated that each was costing American more than $1 million a year.”
Dark Patterns are UI patterns used to trick users into doing things they’d otherwise rather not: buy traveler’s insurance, click on ads, etc. Covers the anti-patterns and how we as
technical folk can help stop this.
2011 Jul 18, 2:38Neat idea: "When the user wants to visit a blacklisted site, the client establishes an encrypted HTTPS connection to a non-blacklisted web server outside the censor’s network, which could be a normal
site that the user regularly visits... The client secretly marks the connection as a Telex request by inserting a cryptographic tag into the headers. We construct this tag using a mechanism called
public-key steganography... As the connection travels over the Internet en route to the non-blacklisted site, it passes through routers at various ISPs in the core of the network. We envision that
some of these ISPs would deploy equipment we call Telex stations."internetsecuritytoolscensorshiptechnical
2010 Apr 29, 11:45"...Well guess what? The demand for hotel WiFi has not gone away, quite the opposite, a growing number of hotel guests not only demand the hotel they book have proper wireless access but most will
consider *not* staying at a hotel that can't meet their basic access needs." hotelwifitechnicalstatisticstravelnetworkinternetwirelessvia:boingboing
2010 Jan 5, 5:47Oppresive airport security brings people together! 'A traveling guitarist is becoming viral sensation after leading a group of passengers in a rousing round of the Beatles' classic "Hey Jude" while
stuck at Newark airport over the weekend.' Includes videovideohumorairportsecuritymusicbeatles
2009 Nov 5, 2:07Two guys sponsored by MicroBilt to travel around the country and make totally awesome commercials for local companies. Includes such gems as Salt Lake Community Barbering & Cosmetology School:
"Your hairdo is only limited by your immagination. And how far along we are in the semester.", as well as Cullman Liquidation: "They're used. Some of them have stains. We cover that up."via:boingboingvideoadvertisingcommercialtvmonthly
2009 Oct 15, 6:33"Besides the canonical Bristlecone Pine, there are many other organism on earth that will outlive you. Photographer Rachel Sussman has been traveling around the world to find and photograph
them." phototimenaturebiologyage
When writing a JavaScript library that uses postMessage and the message event, I must be considerate of other JS code that will be
running along side my library. I shouldn't assume I'm the only sender and receiver on a caller provided MessagePort object. This means obviously I should use addEventListener("message" rather than
the onmessage property (see related What if two programs did this?). But considering the actual messages traveling
over the message channel I have the issue of accidentally processing another libraries messages and having another library accidentally process my own message. I have a few options for playing nice
in this regard:
Some rights reserved