- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 05 May 2020 02:54:32 -0700
- To: w3c/FileAPI <FileAPI@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 5 May 2020 09:54:44 UTC
https://privacycg.github.io/storage-partitioning/ has some general background here and https://trac.torproject.org/projects/tor/ticket/15502 is much more specific.

@bakulf was thinking that we could restrict blob URL lookup to the agent cluster (in addition to origin, that is). The one tweak I would suggest to that is that navigating a top-level browsing context (including a noopener one) to a blob URL still ought to work.

Concretely, this would mean that if you have `https://example.com/` open twice, in separate browsing context groups, any blob URLs they mint cannot be used by the other. The one gotcha with the tweak I suggested is that the other could observe existence through a popup then. Now that's an attack that's unlikely to yield anything useful in practice, but we could break that too by forcing noopener or a version of COOP that never matches (and thus always creates a new browsing context group).

We suspect this to be web-compatible and are happy to try it out in Firefox.

cc @mkruisselbrink @hober @SubhamoyS

--
Reply to this email directly or view it on GitHub: https://github.com/w3c/FileAPI/issues/153
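The lookup rule proposed in the message above, as an added toy model that is not part of the original message and is not browser or specification code. `BlobURLStore`, `navigateTopLevel`, `forceNoopener` and the cluster labels are hypothetical names, and keeping the origin check on navigation is an assumption of the model.

```javascript
// Toy model of the proposed lookup rule. Not browser or spec code; all names are hypothetical.
class BlobURLStore {
  constructor() {
    this.entries = new Map();
    this.nextId = 0;
  }

  // Record the minting environment's origin and agent cluster with the entry.
  mint(env, blob) {
    const url = `blob:${env.origin}/constructed-id-${++this.nextId}`;
    this.entries.set(url, { origin: env.origin, agentCluster: env.agentCluster, blob });
    return url;
  }

  // Non-navigation lookup (fetch, subresources): origin AND agent cluster must match.
  resolve(url, env) {
    const entry = this.entries.get(url);
    if (!entry) return null;
    if (entry.origin !== env.origin) return null;
    if (entry.agentCluster !== env.agentCluster) return null;
    return entry.blob;
  }

  // Top-level navigation: the agent cluster check is skipped so navigation keeps working.
  // forceNoopener models "noopener or a COOP that never matches": the popup lands in a
  // new browsing context group, so the opener gets no handle to observe the result.
  navigateTopLevel(url, env, { forceNoopener }) {
    const entry = this.entries.get(url);
    const loaded = Boolean(entry) && entry.origin === env.origin; // origin check kept (model assumption)
    return { loaded, openerCanObserve: !forceNoopener };
  }
}

// Constructed scenario: https://example.com/ open twice, in separate browsing context groups.
function demo() {
  const store = new BlobURLStore();
  const tabA = { origin: "https://example.com", agentCluster: "cluster-A" };
  const tabB = { origin: "https://example.com", agentCluster: "cluster-B" };
  const url = store.mint(tabA, "constructed-bytes");
  return {
    sameCluster: store.resolve(url, tabA),
    otherCluster: store.resolve(url, tabB),
    popup: store.navigateTopLevel(url, tabB, { forceNoopener: false }),
    popupNoopener: store.navigateTopLevel(url, tabB, { forceNoopener: true }),
  };
}
```

In the `popup` case the second tab cannot read the blob but can still learn that the URL exists; `popupNoopener` shows that signal removed while the navigation itself still succeeds.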