Re: [w3c/FileAPI] Put policies in the blob URL store (#142)

This (and https://github.com/whatwg/html/issues/4926) cropped up again in an conversation around some things that Google Docs/Drive wants to do with blobs; tl;dr: Google's security team is unhappy with blobs as they exist today, and is uncomfortable approving blob-based flows for dynamically generated content. They'd be much happier if either: a) Blobs inherited the security policies associated with the context that created them, and/or b) Blobs could be constructed in a way that didn't inherit the origin of its creator.

I haven't had time to look into this set of work since TPAC. I'm hoping we can find time in Q2. Is that something Mozilla folks would be interested in collaborating on, Anne?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/FileAPI/issues/142#issuecomment-597698473

Received on Wednesday, 11 March 2020 15:26:05 UTC