W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2013

Re: File API: why is there same-origin restriction on blob URLs?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Wed, 27 Mar 2013 09:41:25 +0000
Message-ID: <CADnb78hU8uQ26pejcjmJeY+g7730AE_or_zELwz1nMQJM_Cr4A@mail.gmail.com>
To: Jonas Sicking <jonas@sicking.cc>
Cc: WebApps WG <public-webapps@w3.org>, Yehuda Katz <wycats@gmail.com>
On Wed, Mar 27, 2013 at 12:30 AM, Jonas Sicking <jonas@sicking.cc> wrote:
> I think the original concern was that implementations might not be
> able to reliably generate unguessable URLs. Potentially that's
> something that we could require though.

Yeah, think so.

> However we'd still need to nail down what the new behavior should be.
> Should it behave like data: URLs? The main advantage of those is that
> implementations still don't agree on how those should behave.

I'm not sure what that means. I can easily postMessage() a data URL to
an <iframe> of another origin and that <iframe> can then load the data
URL in an <img> and have it work (obviously, as the data URL is

Received on Wednesday, 27 March 2013 09:41:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:59 UTC