- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 2 Jun 2014 11:25:03 +0200
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: Adam Barth <w3c@adambarth.com>, Joel Weinberger <jww@google.com>, Boris Zbarsky <bzbarsky@mit.edu>, WebApps WG <public-webapps@w3.org>
On Fri, May 30, 2014 at 2:07 AM, Jonas Sicking <jonas@sicking.cc> wrote: > On Thu, May 29, 2014 at 9:21 AM, Anne van Kesteren <annevk@annevk.nl> wrote: >> Given that workers execute script in a fairly contained way, it might be okay? > > Worker scripts aren't going to be very contained as we add more APIs > to workers. They can already read any data from the server (through > XHR) and much local data (through IDB). > > I'd definitely want them not to inherit the origin, the question is if > that's web compatible at this point. Maybe we can allow them to > execute but as a sandboxed origin? Good point. We'll have to investigate how much we can do there. I followed up on the WHATWG list with regards to aligning Fetch and HTML with the new policy. I also filed a bug on Gecko. * http://lists.w3.org/Archives/Public/public-whatwg-archive/2014Jun/0002.html * https://bugzilla.mozilla.org/show_bug.cgi?id=1018872 -- http://annevankesteren.nl/
Received on Monday, 2 June 2014 09:25:31 UTC