Re: Blob URL Origin from Arun Ranganathan on 2014-05-11 (public-webapps@w3.org from April to June 2014)

From: Arun Ranganathan <arun@mozilla.com>
Date: Sun, 11 May 2014 15:30:49 -0400
To: Web Applications Working Group WG <public-webapps@w3.org>
Cc: Adam Barth <w3c@adambarth.com>, jonas <jonas@sicking.cc>, Anne Van Kesteren <annevk@annevk.nl>
Message-Id: <11E96161-2C25-4025-A0CE-343B094C276F@mozilla.com>

On May 9, 2014, at 5:29 PM, Arun Ranganathan <arun@mozilla.com> wrote:

> Only Firefox follows the letter of the present day specification correctly.



It’s been pointed out in off-list correspondence that this statement is a bit misleading. ALL current browsers do follow the specification correctly, but because of RFC2119 language not being strict on what MUST be implemented, but only a suggestion about what SHOULD be implemented:

http://dev.w3.org/2006/webapi/FileAPI/#DefinitionOfScheme

Also, no string in JavaScript is truly opaque; this should also be fixed.

Useful input from implementers will be about URL-nesting and security implications, including the pros and cons of URL-encoding components of origin strings.

— A*

Received on Sunday, 11 May 2014 19:31:23 UTC