- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 2 Jun 2010 17:35:29 -0700
- To: arun@mozilla.com
- Cc: Jian Li <jianli@chromium.org>, Web Applications Working Group WG <public-webapps@w3.org>, public-device-apis <public-device-apis@w3.org>
On Wed, Jun 2, 2010 at 5:26 PM, Arun Ranganathan <arun@mozilla.com> wrote: > On 6/2/10 5:06 PM, Jian Li wrote: >> >> Hi, Arun, >> >> I have one question regarding the scheme for Blob.url. The latest spec >> says >> that "The proposed URL scheme is filedata:. Mozilla already ships with >> moz-filedata:". Since the URL is now part of the Blob and it could be used >> to refer to both file data blob and binary data blob, should we consider >> making the scheme as "blobdata:" for better generalization? In addition, >> we're thinking it will probably be a good practice to encode the security >> origin in the blob URL scheme, like blobdata: >> http://example.com/33c6401f-8779-4ea2-9a9b-1b725d6cd50b. This will make >> doing the security origin check easier when a page tries to access the >> blob >> url that is created in another process, under multi-process architecture. >> > > This is a good suggestion. I particularly like the idea of encoding the > origin as part of the scheme. Though we want to avoid introducing the concept of nested schemes to the web. While mozilla already uses nested schemes (jar:http://... and view-source:http://...) I know others, in particular Apple, have expressed a dislike for this in the past. And with good reason, it's not easy to implement and has been a source of numerous security bugs. That said, it's certainly possible. / Jonas
Received on Thursday, 3 June 2010 00:36:30 UTC