A question about HTML5 postMessage security?
PHP中文网 2017-04-17 11:44:49

otherWindow.postMessage(message, targetOrigin, [transfer]);

For the second parameter, MDN's explanation is:

Specifies what the origin of otherWindow must be for the event to be
dispatched, either as the literal string "*" (indicating no
preference) or as a URI. If at the time the event is scheduled to be
dispatched the scheme, hostname, or port of otherWindow's document
does not match that provided in targetOrigin, the event will not be
dispatched; only if all three match will the event be dispatched.

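I also tested it myself. Roughly speaking, this parameter specifies the origin of the target window (scheme + host + port); if the target window's origin does not meet the requirement, the message event will not be dispatched to it.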

I don't understand what the point of doing this is. Doesn't otherwindow.postMessage already specify the target window? Is it possible for its src to change?


reply all(2)
黄舟

The URL of any window can be changed, so not specifying this parameter is a security issue.

大家讲道理

postMessage can be used to communicate across windows, not necessarily between the parent window and an iframe.
So, it is very likely that another window has jumped to another URI..., and otherWindow is still pointing to that window.
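
The behaviour both replies describe, as an added example that is not part of the original thread: a simplified Node.js model of the targetOrigin check, in which the sender keeps the same window handle while the document behind it changes. `ModelWindow`, `originOf`, `demo`, the URLs and the token are hypothetical, constructed values; the model covers only `"*"` and explicit origins.

```javascript
// Simplified model of the targetOrigin check described in the MDN text above.
// This is not browser code; all URLs and the token are constructed samples.

// scheme + host + port, with default ports normalized by the URL parser
function originOf(url) {
  return new URL(url).origin;
}

class ModelWindow {
  constructor(url) {
    this.url = url;
    this.received = []; // messages seen by the document currently loaded
  }

  // The window handle stays the same; only the document behind it changes.
  navigate(url) {
    this.url = url;
    this.received = [];
  }

  // Mirrors otherWindow.postMessage(message, targetOrigin):
  // the message is dispatched only if the current origin matches.
  postMessage(message, targetOrigin) {
    const current = originOf(this.url);
    const match = targetOrigin === "*" || originOf(targetOrigin) === current;
    if (match) {
      this.received.push({ data: message, deliveredTo: current });
    }
    return match;
  }
}

// The sender opens a window on app.example, the window later moves to
// another site, and only then does the sender post its message.
function demo(targetOrigin) {
  const otherWindow = new ModelWindow("https://app.example/login");
  otherWindow.navigate("https://other.example/landing");
  const delivered = otherWindow.postMessage({ token: "sample-token" }, targetOrigin);
  return { delivered, receivedBy: otherWindow.received.map((m) => m.deliveredTo) };
}

console.log(demo("*"));                   // message reaches other.example
console.log(demo("https://app.example")); // message is dropped
```
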
