[w3c/IndexedDB] Implementor's note: Escape the database name? (#207)

I was reviewing the current editor's draft for security issues and didn't find anything substantial (yay). That said, you may want to add an implementation note:

The algorithm for opening a database leaves unspecified how a user agent should store the database, but permits an arbitrary database name. Implementations should be careful that the database name, if converted into some kind of disk path, be appropriately escaped so an adversary can't use `../` or similar to violate the same-origin policy.


Received on Thursday, 8 June 2017 14:47:55 UTC
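
The concern raised in this issue, shown as an added example (not code from the IndexedDB specification or from any user agent): a database name joined directly into a per-origin directory, next to a mapping that derives the on-disk location from digests of the origin and the name. The storage root, the directory layout, the function names and the sample origins are assumptions made for illustration.

```python
import hashlib
import posixpath
from pathlib import PurePosixPath

# Hypothetical storage root; a real user agent has its own profile layout.
STORAGE_ROOT = PurePosixPath("/var/lib/example-ua/indexeddb")


def token(value: str) -> str:
    """Map an arbitrary string to a fixed-length, filesystem-safe token.

    "surrogatepass" lets lone surrogates (legal in a JavaScript string)
    through, so every possible database name gets a token.
    """
    return hashlib.sha256(value.encode("utf-8", "surrogatepass")).hexdigest()


def naive_path(origin: str, db_name: str) -> PurePosixPath:
    """Unsafe: the page-controlled name is used directly as a path component."""
    return STORAGE_ROOT / token(origin) / db_name


def safe_path(origin: str, db_name: str) -> PurePosixPath:
    """Derive the location from digests, so the name cannot steer the path."""
    return STORAGE_ROOT / token(origin) / (token(db_name) + ".db")


def normalise(path: PurePosixPath) -> PurePosixPath:
    """Collapse "." and ".." lexically, without touching the filesystem."""
    return PurePosixPath(posixpath.normpath(str(path)))


def escapes_origin(path: PurePosixPath, origin: str) -> bool:
    """True if the normalised path is not inside the origin's directory."""
    return STORAGE_ROOT / token(origin) not in normalise(path).parents


if __name__ == "__main__":
    # Constructed sample origins and database names.
    a, b = "https://a.example", "https://b.example"
    hostile = "../" + token(b) + "/" + token("notes") + ".db"
    print(normalise(naive_path(a, hostile)) == safe_path(b, "notes"))
    print(escapes_origin(naive_path(a, hostile), a))
    print(escapes_origin(safe_path(a, hostile), a))
```

Hashing discards the original name, so an implementation that needs to list database names has to keep them in metadata rather than read them back from file names.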