- From: Andrew Williams <notifications@github.com>
- Date: Fri, 25 Oct 2024 13:16:58 -0700
- To: w3c/FileAPI <FileAPI@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/FileAPI/pull/201@github.com>
Part of the changes discussed in https://github.com/w3c/FileAPI/issues/153#issuecomment-2330085478
This updates URL.revokeObjectURL to not allow revoking a Blob URL except from contexts with the same Storage Key as the one in which the Blob URL was created. A corresponding PR will update the Fetch spec to incorporate similar Storage Key checks into Blob URL fetches.
I considered incorporating the Storage Key checks into the "resolve a blob URL" algorithm instead, but it seemed that this would require an environment settings object to be available as part of https://url.spec.whatwg.org/#url-parsing, and I'm not sure whether that is the case / a change we want.
For *normative* changes, the following tasks have been completed:
* [x] Modified Web platform tests (link to pull request)
- https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/FileAPI/BlobURL/cross-partition.tentative.https.html
Implementation commitment:
* [x] WebKit - Already implemented partitioning by top-level origin, considering partitioning by top-level site
- https://github.com/w3c/FileAPI/issues/153#issuecomment-2332086739
* [x] Chromium (https://bugs.chromium.org/p/chromium/issues/detail?id=40057646)
* [x] Gecko - Already implemented - https://github.com/w3c/FileAPI/issues/153#issuecomment-2332288047
<!--
This comment and the below content is programmatically generated.
You may add a comma-separated list of anchors you'd like a
direct link to below (e.g. #idl-serializers, #idl-sequence):
Don't remove this comment or modify anything below this line.
If you don't want a preview generated for this pull request,
just replace the whole of this comment's content by "no preview"
and remove what's below.
-->
***
<a href="https://pr-preview.s3.amazonaws.com/recvfrom/FileAPI/pull/201.html" title="Last updated on Oct 25, 2024, 8:16 PM UTC (bb24aca)">Preview</a> | <a href="https://pr-preview.s3.amazonaws.com/w3c/FileAPI/201/f6247a2...recvfrom:bb24aca.html" title="Last updated on Oct 25, 2024, 8:16 PM UTC (bb24aca)">Diff</a>
You can view, comment on, or merge this pull request online at:
https://github.com/w3c/FileAPI/pull/201
-- Commit Summary --
* Partition Blob URL revocation
* Fix duplicate list numbering
-- File Changes --
M index.bs (12)
-- Patch Links --
https://github.com/w3c/FileAPI/pull/201.patch
https://github.com/w3c/FileAPI/pull/201.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/FileAPI/pull/201
You are receiving this because you are subscribed to this thread.
Message ID: <w3c/FileAPI/pull/201@github.com>
Received on Friday, 25 October 2024 20:17:02 UTC