- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 26 Mar 2013 21:17:31 +0000
- To: WebApps WG <public-webapps@w3.org>
- Cc: Yehuda Katz <wycats@gmail.com>
Hi, Is there any particular reason why we restrict blob URLs to the same origin as the script that created them? In effect they are pretty much like capability URLs (containing an unguessable token). So if someone decides to share one, that should be okay I think. This would be useful in the context of sandboxed code (<iframe sandbox>) and presumably elsewhere too. Cheers, -- http://annevankesteren.nl/
Received on Tuesday, 26 March 2013 21:17:58 UTC