
Re: Data URL Origin (Was: Blob URL Origin)

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 2 Jun 2014 11:25:03 +0200
Message-ID: <CADnb78goddpLEB5OhKCABmc_C9+0dMWV7c7NhVCx9_Qw0UOA-g@mail.gmail.com>
To: Jonas Sicking <jonas@sicking.cc>
Cc: Adam Barth <w3c@adambarth.com>, Joel Weinberger <jww@google.com>, Boris Zbarsky <bzbarsky@mit.edu>, WebApps WG <public-webapps@w3.org>

On Fri, May 30, 2014 at 2:07 AM, Jonas Sicking <jonas@sicking.cc> wrote:
> On Thu, May 29, 2014 at 9:21 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> Given that workers execute script in a fairly contained way, it might be okay?
>
> Worker scripts aren't going to be very contained as we add more APIs
> to workers. They can already read any data from the server (through
> XHR) and much local data (through IDB).
>
> I'd definitely want them not to inherit the origin, the question is if
> that's web compatible at this point. Maybe we can allow them to
> execute but as a sandboxed origin?

Good point. We'll have to investigate how much we can do there. I
followed up on the WHATWG list with regard to aligning Fetch and HTML
with the new policy. I also filed a bug on Gecko.

* http://lists.w3.org/Archives/Public/public-whatwg-archive/2014Jun/0002.html
* https://bugzilla.mozilla.org/show_bug.cgi?id=1018872


-- 
http://annevankesteren.nl/
Received on Monday, 2 June 2014 09:25:31 UTC
