W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2013

Re: [webappsec] CSP: are blob uri's really just origin='self'?

From: Anne van Kesteren <annevk@annevk.nl>
Date: Tue, 3 Sep 2013 10:37:30 +0100
Message-ID: <CADnb78i=b8f9DOeZgobpnqXPSAbhPQpRY54bji+02gALLgqL7A@mail.gmail.com>
To: Ian Melven <ian.melven@gmail.com>
Cc: Brad Hill <hillbrad@gmail.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Aug 30, 2013 at 10:26 PM, Ian Melven <ian.melven@gmail.com> wrote:
> according to http://www.w3.org/TR/FileAPI/#originOfBlob :
>
> The origin of a Blob URI must be the origin of the script that called
> URL.createObjectURL. Blob URIs must only be valid within this origin.

Please please please, never read TR! This requirement has been
removed: http://dev.w3.org/2006/webapi/FileAPI/


-- 
http://annevankesteren.nl/
Received on Tuesday, 3 September 2013 09:37:57 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:02 UTC