Re: CSP Directive Proposal: Sandbox from gaz Heyes on 2011-02-22 (public-web-security@w3.org from February 2011)

From: gaz Heyes <gazheyes@gmail.com>
Date: Tue, 22 Feb 2011 09:41:13 +0000
To: Adam Barth <w3c@adambarth.com>
Cc: "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org
Message-ID: <AANLkTi=q08mLkDsTEQM_Ya=td2n05RenCxN5gBuqDdTu@mail.gmail.com>

On 22 February 2011 09:01, Adam Barth <w3c@adambarth.com> wrote:

> > How does this unique origin work? I can't find it defined anywhere.
>
> It's defined in HTML5.
>

Maybe it's me but I looked and couldn't find how "globally unique
identifier" is generated.


> > 3. Lets say the unique origin uses the about protocol, is each unique
> > protocol classed as a separate domain on each browser, e.g. about:1,
> about:2
> > can you set cookies on about:1 then can be read by about:2
>
> The unique origin does not use the about scheme.
>

What does it use?



> > 4. What if a sandbox allows JavaScript and the location is written
> > somewhere, would that expose the unique origin?
>
> I'm not sure what you mean by that.
>

I'm interested in ways to get the unique origin and the regenerate it

Received on Tuesday, 22 February 2011 09:41:45 UTC