On May 12, 2014 8:57 AM, "Arun Ranganathan" <arun@mozilla.com> wrote: > On May 12, 2014, at 10:31 AM, Boris Zbarsky <bzbarsky@MIT.EDU> wrote: > > > On 5/12/14, 5:28 AM, Anne van Kesteren wrote: > >> so blob:https://origin:42/uuid would be fine. > > > > I'd really rather we didn't make web pages parse these strings to get the origin. A static method on Blob that takes a valid blob: URI and returns its origin seems like it should be pretty easy for UAs to implement, though. > > > We actually aren't obliging web pages parse these strings to get the origin. In fact, blob: URL strings shouldn't even be of interest to web pages. They aren't today, and I don't envision them being of interest even with "origin tagging." That is, I can't think of why exactly a web developer would want to look into the blob: URL strings. UA's should just "do the right thing" once a Blob URL is coined. I suspect that some pages will want to check the origin of a url before firing off a load to it. For example complex app frameworks like facebook's. However I agree that this wont be a core use case. So not something to worry too much about. The strongest reason I could see for doing anything here is that when it comes to security it is extra important to en courage people to not do the wrong thing. Though, would simply `URL(url).origin` work? If so that might be enough. / Jonas
Received on Monday, 12 May 2014 16:59:11 UTC