- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 25 Nov 2013 11:29:26 +0000
- To: Garrett Robinson <grobinson@mozilla.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
On Sat, Nov 23, 2013 at 12:02 AM, Garrett Robinson <grobinson@mozilla.com> wrote:
> * Workers can link to resources with any mimetype. Iframes can just
> link to resources explicitly served as text/html.

<iframe> can load many more resource types. But text/html and XML MIME types are the only ones that can also execute script.

> * Workers are always same-origin. Iframes can be any origin.
> * While workers can't directly read content from the webpage, they can
> perform XHR requests to the server, read locally stored data
> (including cookies and IDB in the future) and probably in the future
> take actions like access geolocation API using the principal of the
> opening page.

An <iframe> loaded resource can do the same, no?

--
http://annevankesteren.nl/
Received on Monday, 25 November 2013 11:29:56 UTC