Re: [whatwg] iframe sandbox and indexedDB

On Mon, 6 Aug 2012, Ian Melven wrote:
> 
> the spec at 
> http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag 
> says :
> 
> "This flag also prevents script from reading from or writing to the 
> document.cookie IDL attribute, and blocks access to localStorage."
> 
> it seems that indexedDB access should also be blocked when this flag is 
> set (ie when 'allow-same-origin' is NOT specified for the sandbox 
> attribute).

It is, assuming that IndexedDB is based on the origin of the document. The 
spec doesn't mention it because IndexedDB isn't part of the HTML spec. 
Note that the sentence you cited is non-normative (or rather, it contains 
no normative statements), so that whether it mentions IndexedDB or not 
doesn't change anything about what the spec says.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 7 September 2012 04:10:49 UTC