- From: Adam Barth <w3c@adambarth.com>
- Date: Fri, 14 Oct 2011 01:45:49 -0700
2011/10/12 Bronislav Klu?ka <Bronislav.Klucka at bauglir.com>: > On 12.10.2011 16:32, Kyle Huey wrote: >> >> 2011/10/12 Bronislav Klu?ka<Bronislav.Klucka at bauglir.com> >> >>> Hello >>> Certain parts of spesc are covering how to work with resources identified >>> by URL and same-origin issue (download attribute, canvas) >>> looking at same-origin algorithm >>> http://www.whatwg.org/specs/**web-apps/current-work/** >>> >>> multipage/origin-0.html#same-**origin<http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#same-origin> >>> I'm wondering about Blob URL and FileSystem API URL. Those are not >>> conventional URL but they are named as "URL" and one can work with them >>> the >>> same as with regular URL. How does the same-origin policy apply to those >>> URLs? >>> >>> Bronislav Klucka >>> >>> >> Per spec, Blob URIs are same origin with the script that created them. >> ?See >> http://dev.w3.org/2006/webapi/FileAPI/#originOfBlob >> >> - Kyle > > May I assume that > http://www.w3.org/TR/file-system-api/#widl-Entry-toURL > is also the same-origin as the originator script origin? Technically, they're same-origin with the storage area that stores the file. Under normal circumstances, that will be the same as the script that calls that API, but it's not always the same. Adam
Received on Friday, 14 October 2011 01:45:49 UTC