- From: Mike Wilson <mikewse@hotmail.com>
- Date: Fri, 28 Aug 2009 09:25:25 +0200
[branching off from discussion on "SharedWorkers and the name parameter"]

Ian Hickson wrote:
> On Sun, 16 Aug 2009, Mike Wilson wrote:
> > Drew Wilson wrote:
> > > [...] the SharedWorker name becomes
> > > essentially a shared global namespace across all
> > > pages in a single origin. This causes problems
> > > when you have multiple pages under the same domain
> > > (ala geocities.com) - the pages all need to
> > > coordinate in their use of "name".
> >
> > I agree with you that this is a problem, and the
> > same problem exists in WebStorage (storage areas are
> > set up per origin). F ex, the sites
> > http://www.google.com/calendar and
> > http://www.google.com/reader, and every other site
> > based off www.google.com will compete for the same
> > keys in one big shared storage area.
> >
> > It seems lately everything is being based on having
> > unique host names, and path is not being considered
> > anymore, which I think it should.
>
> The reason it's not is that it would mislead people
> into thinking that you could do things safely based
> just on the path, which you can't. A script could
> trivially poke into another path's databases or cookies,
> e.g.

I see what you mean. The ideal thing would be if we could implement path-based security with the same construct that adds path-based namespacing. I realize the problem of backwards-compat, but have there been any efforts or definitive conclusions made in this area?

Best regards
Mike
Received on Friday, 28 August 2009 00:25:25 UTC
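
The distinction discussed in this thread, as an added example that is not part of the original message: storage areas are selected by origin (scheme, host, port), so path-prefixed keys prevent accidental collisions but do not isolate one path from another. The `storageFor` and `namespaced` helpers and the host `calendar.example.com` are hypothetical, and the `Map` is a constructed model of per-origin storage, not a browser implementation.

```javascript
// Constructed model of origin-keyed storage (not a browser implementation).
// A storage area is selected by scheme + host + port only; the path is ignored.
const areas = new Map();

function storageFor(pageUrl) {
  const origin = new URL(pageUrl).origin; // e.g. "http://www.google.com"
  if (!areas.has(origin)) areas.set(origin, new Map());
  return areas.get(origin);
}

// Hypothetical helper: prefix every key with the app's first path segment.
// This is a naming convention only; nothing enforces it.
function namespaced(pageUrl) {
  const prefix = "/" + new URL(pageUrl).pathname.split("/")[1] + ":";
  const area = storageFor(pageUrl);
  return {
    set: (key, value) => area.set(prefix + key, value),
    get: (key) => area.get(prefix + key),
  };
}

function demo() {
  const calendarUrl = "http://www.google.com/calendar";
  const readerUrl = "http://www.google.com/reader";

  // 1. Same origin, different paths: one shared area, so plain keys collide.
  storageFor(calendarUrl).set("settings", "calendar-prefs");
  storageFor(readerUrl).set("settings", "reader-prefs");
  const collided = storageFor(calendarUrl).get("settings");

  // 2. Path-prefixed keys stop the accidental collision.
  namespaced(calendarUrl).set("token", "calendar-value");
  namespaced(readerUrl).set("token", "reader-value");
  const calendarToken = namespaced(calendarUrl).get("token");

  // 3. The prefix is not a boundary: a script running under /reader can
  //    still address the /calendar key directly in the shared area.
  const readFromReader = storageFor(readerUrl).get("/calendar:token");

  // 4. A separate host name is a separate origin and gets its own area.
  const otherHost = storageFor("http://calendar.example.com/").get("/calendar:token");

  return { collided, calendarToken, readFromReader, otherHost };
}

console.log(demo());
```

Only case 4 gives real separation, which is why data that must be kept apart is placed on distinct host names rather than distinct paths.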