- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 6 Jun 2013 12:06:43 +0100
- To: "Robert O'Callahan" <robert@ocallahan.org>
- Cc: Jim Barnett <Jim.Barnett@genesyslab.com>, Stefan HÃ¥kansson LK <stefan.lk.hakansson@ericsson.com>, Adam Bergkvist <adam.bergkvist@ericsson.com>, Martin Thomson <martin.thomson@gmail.com>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On Thu, Jun 6, 2013 at 11:49 AM, Robert O'Callahan <robert@ocallahan.org> wrote: > On Thu, Jun 6, 2013 at 7:42 PM, Anne van Kesteren <annevk@annevk.nl> wrote: >> Creating a specialized unreadable stream object for this scenario >> might be better than trying to shoehorn those semantics into origin. > > Origins is how the rest of the Web platform handles this kind of problem. For (most, blob no longer soonish) URLs, sure, but for objects that can be passed around via postMessage() that is not the case. That's more a of a capability-like model. And in general moving in that direction where possible seems better. Origin-based security is not exactly great. -- http://annevankesteren.nl/
Received on Thursday, 6 June 2013 11:07:14 UTC