W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2013

Re: [webappsec] CSP: are blob uri's really just origin='self'?

From: Ian Melven <ian.melven@gmail.com>
Date: Fri, 30 Aug 2013 15:06:20 -0700
Message-ID: <CA+0m=FcfEn76C0_DCsvste-PZi9bidXQM2sg2ii_dSi6yFEN0Q@mail.gmail.com>
To: Brad Hill <hillbrad@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

also I just noticed the 'blob URIs must only be valid within this origin'
part of what i pasted so i'm now confused about why cross-origin blobs
exist at all :)

ian

Received on Friday, 30 August 2013 22:06:47 UTC

This message: [ Message body ]
Next message: Kyle Huey: "Re: [webappsec] CSP: are blob uri's really just origin='self'?"
Previous message: Ian Melven: "Re: [webappsec] CSP: are blob uri's really just origin='self'?"
In reply to: Brad Hill: "Re: [webappsec] CSP: are blob uri's really just origin='self'?"
Next in thread: Kyle Huey: "Re: [webappsec] CSP: are blob uri's really just origin='self'?"
Reply: Kyle Huey: "Re: [webappsec] CSP: are blob uri's really just origin='self'?"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:34 UTC