[whatwg] globalStorage scope issue from Ian Hickson on 2005-11-14 (public-whatwg-archive@w3.org from November 2005)

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 14 Nov 2005 20:27:08 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0511142024520.9929@dhalsim.dreamhost.com>

On Mon, 14 Nov 2005, Hallvord R M Steen wrote:
> 
> globalStorage['example.co.uk'] should not be available to 'co.uk' as a 
> whole. There is no clear distinction between chopping one part off and 
> going from 'www.example.org' to 'example.org' and going from 
> 'example.co.uk' to 'co.uk'.

"Accessible to co.uk" does not mean "Accessible to *.co.uk". If you can 
get a host to respond to http://co.uk/, then I see no reason why it 
shouldn't be able to see http://example.co.uk/'s data.

Why would you want to restrict this? It's specifically designed to work in 
the scenarios that cookies fail in.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Monday, 14 November 2005 12:27:08 UTC