- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 12 May 2014 14:28:59 +0200
- To: Arun Ranganathan <arun@mozilla.com>
- Cc: Web Applications Working Group WG <public-webapps@w3.org>, Adam Barth <w3c@adambarth.com>, jonas <jonas@sicking.cc>
On Sun, May 11, 2014 at 9:30 PM, Arun Ranganathan <arun@mozilla.com> wrote: > Useful input from implementers will be about URL-nesting and security > implications, including the pros and cons of URL-encoding components of > origin strings. Well, we don't want "URL nesting" (e.g. what jar: does). Embedding the origin into the URL seems fine. Per the URL Standard scheme data consists of http://url.spec.whatwg.org/#url-code-points which include both : and // so blob:https://origin:42/uuid would be fine. The URL Standard does not define how to parse scheme data though so you'd have to define that if you want implementations to be able to extract data from it. It still seems a bit sad though to tie these URLs to origins in this fashion. Jonas is correct that there are inconsistencies in how data URLs and origins behave across browsers, but it seems like we should sort those out first then if we want a consistent story. -- http://annevankesteren.nl/
Received on Monday, 12 May 2014 12:29:27 UTC