W3C home > Mailing lists > Public > public-webappsec@w3.org > August 2013

Re: [webappsec] CSP: are blob uri's really just origin='self'?

From: Kyle Huey <me@kylehuey.com>
Date: Fri, 30 Aug 2013 15:08:43 -0700
Message-ID: <CAP045ApxZLv9vNc=m=BnSHDRMkFjupNztLD3L4T2baKu5wGCDQ@mail.gmail.com>
To: Ian Melven <ian.melven@gmail.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Blob URIs and Blobs are different things.  The idea is that you can
postMessage a Blob across boundaries but if you send over a URI string it
won't work.

- Kyle


On Fri, Aug 30, 2013 at 3:06 PM, Ian Melven <ian.melven@gmail.com> wrote:

> also I just noticed the 'blob URIs must only be valid within this origin'
> part of what i pasted so i'm now confused about why cross-origin blobs
> exist at all :)
>
> ian
>
>
Received on Friday, 30 August 2013 22:09:09 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC