- From: Anne van Kesteren <notifications@github.com>
- Date: Tue, 03 Dec 2024 07:30:18 -0800
- To: w3c/FileAPI <FileAPI@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/FileAPI/pull/201/review/2476037468@github.com>
@annevk commented on this pull request. This looks good to me modulo nits. Would be good if @mkruisselbrink had another look as well. > @@ -1512,15 +1512,29 @@ A [=blob URL store=] is a [=map=] where [=map/keys=] are [=valid URL strings=] and [=map/values=] are [=blob URL Entries=]. -A <dfn export>blob URL entry</dfn> consists of -an <dfn export for="blob URL entry">object</dfn> (of type {{Blob}} or {{MediaSource}}), -and an <dfn export for="blob URL entry">environment</dfn> (an [=environment settings object=]). +A <dfn export>blob URL entry</dfn> consists of an <i>object</i> (of type {{Blob}} or I would keep it as a `<dfn>` so it links internally. Just don't add `export`. > @@ -1512,15 +1512,29 @@ A [=blob URL store=] is a [=map=] where [=map/keys=] are [=valid URL strings=] and [=map/values=] are [=blob URL Entries=]. -A <dfn export>blob URL entry</dfn> consists of -an <dfn export for="blob URL entry">object</dfn> (of type {{Blob}} or {{MediaSource}}), -and an <dfn export for="blob URL entry">environment</dfn> (an [=environment settings object=]). +A <dfn export>blob URL entry</dfn> consists of an <i>object</i> (of type {{Blob}} or +{{MediaSource}}), and an <dfn export for="blob URL entry">environment</dfn> (an +[=environment settings object=]). + +Note: Specifications must use the [=obtain a blob object=] algorithm to access a ```suggestion Note: Specifications have to use the [=obtain a blob object=] algorithm to access a ``` You cannot use must in a note. (Explained in Infra if you want context.) 
> @@ -1595,6 +1609,22 @@ as the serialization of the origin of the environment that created the blob URL, but for opaque origins the origin itself might be distinct. This difference isn't observable though, since a revoked blob URL can't be resolved/fetched anymore anyway. +### Access restrictions on blob URLs ### {#partitioningOfBlobUrls} + +<a>Blob URLs</a> can only be fetched from environments where the [=storage key=] matches that of +the environment where the <a>blob URL</a> was created. <a>blob URL</a> navigations are not subject +to this restriction. + +<div algorithm="checkForSamePartitionBlobUrlUsage"> +To <dfn export id=blob-url-partition-check>check for same-partition blob URL usage</dfn> given a [=blob URL entry=] |blobUrlEntry| and an [=environment settings object=] |environment|: + +1. Let |blobStorageKey| be the result of [=obtaining a storage key for non-storage purposes=] with |blobUrlEntry|'s [=blob URL entry/environment=]. +1. Let |environmentStorageKey| be the result of [=obtaining a storage key for non-storage purposes=] with |environment|. +1. If |blobStorageKey| is not [=storage key/equal=] to |environmentStorageKey|, then return false. +1. Otherwise, return true. No need for Otherwise when you return early. ```suggestion 1. Return true. ``` -- Reply to this email directly or view it on GitHub: https://github.com/w3c/FileAPI/pull/201#pullrequestreview-2476037468
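Review bot: The added Note in the blob URL entry paragraph (hunk at -1512) tells specifications to use [=obtain a blob object=] but, as far as the quoted lines show, gives no reason. Since object loses its exported definition here while environment keeps `export`, suggest the Note say what the algorithm enforces that direct access to the object would skip, so readers understand the asymmetry. It is also worth confirming that any remaining [=blob URL entry/object=] references are updated in the same change, because this hunk removes that definition.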
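Review bot: The sentence "<a>blob URL</a> navigations are not subject to this restriction" in the new Access restrictions section (hunk at -1595) has no counterpart in the algorithm. check for same-partition blob URL usage takes only |blobUrlEntry| and |environment| and returns false on any storage key mismatch, so the navigation exemption depends entirely on callers not invoking it. Suggest stating in this section which callers run the check and that navigation does not, so a later caller neither applies it to navigations nor omits it from a fetch path. Minor style points: that sentence starts with a lowercase "blob URL" after a full stop, and the algorithm lines are unwrapped while the prose above them is wrapped.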
Received on Tuesday, 3 December 2024 15:30:22 UTC