W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2005

[whatwg] globalStorage scope issue

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 14 Nov 2005 20:27:08 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0511142024520.9929@dhalsim.dreamhost.com>
On Mon, 14 Nov 2005, Hallvord R M Steen wrote:
> 
> globalStorage['example.co.uk'] should not be available to 'co.uk' as a 
> whole. There is no clear distinction between chopping one part off and 
> going from 'www.example.org' to 'example.org' and going from 
> 'example.co.uk' to 'co.uk'.

"Accessible to co.uk" does not mean "Accessible to *.co.uk". If you can 
get a host to respond to http://co.uk/, then I see no reason why it 
shouldn't be able to see http://example.co.uk/'s data.

Why would you want to restrict this? It's specifically designed to work in 
the scenarios that cookies fail in.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 14 November 2005 12:27:08 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:24 UTC