W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2015

Re: postMessage, workers and sandboxing

From: Deian Stefan <deian@cs.stanford.edu>
Date: Fri, 30 Jan 2015 14:06:07 -0800
To: Brad Hill <hillbrad@gmail.com>, "public-webappsec\@w3.org" <public-webappsec@w3.org>
Message-ID: <87mw4z7wkw.fsf@cs.stanford.edu>
Brad Hill <hillbrad@gmail.com> writes:

> Well, cross-origin workers don't exist yet, so I wouldn't rule anything out
> completely.  But I would suggest that a pretty compelling case will have to
> be made for the advantages of doing so compared to the costs of introducing
> incompatibilities with how they work in same-origin workers.  Changing how
> they work in same-origin workers is will be VERY hard, given the existing
> deployments of workers.

Since existing workers don't check the origin I think that such a change
would be backwards-compatible. Regardless, I don't have a compelling use
case for this in the same-origin case -- if anything comes up I will
bright it back up here.

And thanks for digging into this, Brad!

Thanks,
Deian
Received on Friday, 30 January 2015 22:06:32 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:09 UTC