W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2014

Re: Blob URL Origin

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 12 May 2014 14:28:59 +0200
Message-ID: <CADnb78jE9hRRdDpdYzDpRV918Zz1J2m6L41hEwJZ=dLXUCVpoA@mail.gmail.com>
To: Arun Ranganathan <arun@mozilla.com>
Cc: Web Applications Working Group WG <public-webapps@w3.org>, Adam Barth <w3c@adambarth.com>, jonas <jonas@sicking.cc>
On Sun, May 11, 2014 at 9:30 PM, Arun Ranganathan <arun@mozilla.com> wrote:
> Useful input from implementers will be about URL-nesting and security
> implications, including the pros and cons of URL-encoding components of
> origin strings.

Well, we don't want "URL nesting" (e.g. what jar: does). Embedding the
origin into the URL seems fine.

Per the URL Standard scheme data consists of
http://url.spec.whatwg.org/#url-code-points which include both : and
// so blob:https://origin:42/uuid would be fine. The URL Standard does
not define how to parse scheme data though so you'd have to define
that if you want implementations to be able to extract data from it.

It still seems a bit sad though to tie these URLs to origins in this
fashion. Jonas is correct that there are inconsistencies in how data
URLs and origins behave across browsers, but it seems like we should
sort those out first then if we want a consistent story.

Received on Monday, 12 May 2014 12:29:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:24 UTC