Re: [webappsec] CSP: are blob uri's really just origin='self'? from Ian Melven on 2013-08-30 (public-webappsec@w3.org from August 2013)

From: Ian Melven <ian.melven@gmail.com>
Date: Fri, 30 Aug 2013 15:10:55 -0700
To: Kyle Huey <me@kylehuey.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CA+0m=FchqSq9uDi_3hTgBZUqhdzwGUrH247SSceYQ6K2zepLVA@mail.gmail.com>

ah ok, that makes a lot of sense - thank you Kyle !

ian



On Fri, Aug 30, 2013 at 3:08 PM, Kyle Huey <me@kylehuey.com> wrote:

> Blob URIs and Blobs are different things.  The idea is that you can
> postMessage a Blob across boundaries but if you send over a URI string it
> won't work.
>
> - Kyle
>
>
> On Fri, Aug 30, 2013 at 3:06 PM, Ian Melven <ian.melven@gmail.com> wrote:
>
>> also I just noticed the 'blob URIs must only be valid within this origin'
>> part of what i pasted so i'm now confused about why cross-origin blobs
>> exist at all :)
>>
>> ian
>>
>>
>

Received on Friday, 30 August 2013 22:11:23 UTC