Re: [ServiceWorker] ServiceWorker scriptURL XSS Filtering (#743) from Jeffrey Posnick on 2015-09-01 (public-webapps-github@w3.org from September 2015)

From: Jeffrey Posnick <notifications@github.com>
Date: Tue, 01 Sep 2015 07:42:40 -0700
To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
Message-ID: <slightlyoff/ServiceWorker/issues/743/136745915@github.com>

The restrictions are proposed for both query string parameter names and values, correct?

In the `<platinum-sw>` use case:
- query string parameter names are present in the [underlying service worker script](https://github.com/PolymerElements/platinum-sw/blob/master/service-worker.js), but all are currently < 20 bytes.
- query string parameter values are **not** present in the [underlying service worker script](https://github.com/PolymerElements/platinum-sw/blob/master/service-worker.js), but are commonly > 20 bytes.

Just throwing this out there as an example of how URL query string parameters are being used "in the wild". Using the URL query string to configure the behavior of the underlying service worker leads to a pretty nice developer experience, and I wouldn't be surprised if other library developers adopt a similar approach.

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/743#issuecomment-136745915

Received on Tuesday, 1 September 2015 14:43:08 UTC