Simon Willison's Weblog: windownamehttp://simonwillison.net/2008-07-23T16:25:51+00:00Simon Willisonwindow.name Transport2008-07-23T16:25:51+00:002008-07-23T16:25:51+00:00https://simonwillison.net/2008/Jul/23/sitepen/#atom-tag
<p><strong><a href="http://www.sitepen.com/blog/2008/07/22/windowname-transport/">window.name Transport</a></strong></p>
The cleverest use of the window.name messaging hack I’ve seen yet: Dojo now has dojox.io.windowName.send for safe, performant cross-domain messaging.
<p>Tags: <a href="https://simonwillison.net/tags/crossdomain">crossdomain</a>, <a href="https://simonwillison.net/tags/dojo">dojo</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/windowname">windowname</a></p>
quipt2008-07-04T15:49:58+00:002008-07-04T15:49:58+00:00https://simonwillison.net/2008/Jul/4/quipt/#atom-tag
<p><strong><a href="http://code.google.com/p/quipt/">quipt</a></strong></p>
Extremely clever idea: Cache JavaScript in window.name (which persists between page views and can hold several MB of data), but use document.referrer to check that an external domain hasn’t loaded the cache with malicious code for an XSS attack. UPDATE: Jesse Ruderman points out a fatal flaw in the comments.
<p><small></small>Via <a href="http://ajaxian.com/archives/quipt-caching-js-in-windowname">Ajaxian</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/caching">caching</a>, <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/optimisation">optimisation</a>, <a href="https://simonwillison.net/tags/quipt">quipt</a>, <a href="https://simonwillison.net/tags/referrer">referrer</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/windowname">windowname</a>, <a href="https://simonwillison.net/tags/xss">xss</a></p>