- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 22 Feb 2011 01:57:30 -0800
- To: gaz Heyes <gazheyes@gmail.com>
- Cc: "sird@rckc.at" <sird@rckc.at>, public-web-security@w3.org
On Tue, Feb 22, 2011 at 1:41 AM, gaz Heyes <gazheyes@gmail.com> wrote:
> On 22 February 2011 09:01, Adam Barth <w3c@adambarth.com> wrote:
>> > How does this unique origin work? I can't find it defined anywhere.
>>
>> It's defined in HTML5.
>
> Maybe it's me but I looked and couldn't find how "globally unique
> identifier" is generated.

Think of it as a long random number. You can't actually detect how
it's generated.

>> > 3. Let's say the unique origin uses the about protocol, is each unique
>> > protocol classed as a separate domain on each browser, e.g. about:1,
>> > about:2
>> > can you set cookies on about:1 then can be read by about:2
>>
>> The unique origin does not use the about scheme.
>
> What does it use?

There's no way to tell. In WebKit, it's just a Boolean flag that says
"this origin is unique."

>> > 4. What if a sandbox allows JavaScript and the location is written
>> > somewhere, would that expose the unique origin?
>>
>> I'm not sure what you mean by that.
>
> I'm interested in ways to get the unique origin and then regenerate it

The easiest way to generate a unique origin is to create an iframe
with the sandbox attribute.

Adam
Received on Tuesday, 22 February 2011 09:58:34 UTC
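
The behaviour described in this message, as an added example that is not part of the original e-mail or of any browser's source: a simplified JavaScript model in which a unique origin carries no comparable data and matches only itself. The function names (`makeTupleOrigin`, `makeUniqueOrigin`, `originForFrame`, `sameOrigin`, `serialize`) are hypothetical, and the model assumes http(s) URLs only.

```javascript
// Simplified model (assumption, not browser source): an origin is either a
// (scheme, host, port) tuple or a unique origin with nothing to compare.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

function makeTupleOrigin(urlString) {
  const u = new URL(urlString);
  return Object.freeze({
    unique: false,
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol] || "",
  });
}

// A fresh object per call: the "long random number" is modelled as object
// identity, so there is no value to read out and reuse.
function makeUniqueOrigin() {
  return Object.freeze({ unique: true });
}

// Origin a framed document gets, given the iframe's sandbox attribute value
// (null = attribute absent). Sandboxing without allow-same-origin forces a
// unique origin regardless of the URL.
function originForFrame(urlString, sandboxAttr) {
  if (sandboxAttr !== null) {
    const tokens = sandboxAttr.toLowerCase().split(/\s+/).filter(Boolean);
    if (!tokens.includes("allow-same-origin")) return makeUniqueOrigin();
  }
  return makeTupleOrigin(urlString);
}

function sameOrigin(a, b) {
  if (a.unique || b.unique) return a === b; // a unique origin matches only itself
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Every unique origin serializes to the same string, so the serialized form
// does not distinguish one sandboxed frame from another.
function serialize(o) {
  if (o.unique) return "null";
  const isDefault = DEFAULT_PORTS[o.scheme] === o.port;
  return `${o.scheme}//${o.host}${isDefault || !o.port ? "" : ":" + o.port}`;
}
```

Two frames loaded from the same URL with `sandbox="allow-scripts"` get different origins in this model, which is why state belonging to one is not reachable from the other.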