Re: [webappsec] CSP: are blob uri's really just origin='self'?

• From: Ian Melven <ian.melven@gmail.com>
• Date: Fri, 30 Aug 2013 15:06:20 -0700
• To: Brad Hill <hillbrad@gmail.com>
• Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
• Message-ID: <CA+0m=FcfEn76C0_DCsvste-PZi9bidXQM2sg2ii_dSi6yFEN0Q@mail.gmail.com>

also I just noticed the 'blob URIs must only be valid within this origin'
part of what i pasted so i'm now confused about why cross-origin blobs
exist at all :)

ian

Received on Friday, 30 August 2013 22:06:47 UTC