[whatwg] Same origin - Blob and FileSystem URLs

From: Adam Barth <w3c@adambarth.com>
Date: Fri, 14 Oct 2011 01:45:49 -0700
Message-ID: <CAJE5ia9gyyYCmELTGqEmZrz78V8UhBnJE-=C_YBO4e3v_beJfw@mail.gmail.com>

2011/10/12 Bronislav Klučka <Bronislav.Klucka at bauglir.com>:
> On 12.10.2011 16:32, Kyle Huey wrote:
>>
>> 2011/10/12 Bronislav Klučka <Bronislav.Klucka at bauglir.com>
>>
>>> Hello
>>> Certain parts of specs are covering how to work with resources identified
>>> by URL and same-origin issue (download attribute, canvas)
>>> looking at same-origin algorithm
>>> http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#same-origin
>>> I'm wondering about Blob URL and FileSystem API URL. Those are not
>>> conventional URL but they are named as "URL" and one can work with them
>>> the same as with regular URL. How does the same-origin policy apply to
>>> those URLs?
>>>
>>> Bronislav Klucka
>>>
>>>
>> Per spec, Blob URIs are same origin with the script that created them.
>> See http://dev.w3.org/2006/webapi/FileAPI/#originOfBlob
>>
>> - Kyle
>
> May I assume that
> http://www.w3.org/TR/file-system-api/#widl-Entry-toURL
> is also the same-origin as the originator script origin?

Technically, they're same-origin with the storage area that stores the
file.  Under normal circumstances, that will be the same as the script
that calls that API, but it's not always the same.

Adam
Received on Friday, 14 October 2011 01:45:49 UTC
