[whatwg] iframe sandbox and indexedDB from Ian Melven on 2012-08-07 (public-whatwg-archive@w3.org from August 2012)

From: Ian Melven <imelven@mozilla.com>
Date: Mon, 6 Aug 2012 17:08:39 -0700 (PDT)
To: whatwg@lists.whatwg.org
Message-ID: <1645013958.652832.1344298119151.JavaMail.root@mozilla.com>

Hi,

the spec at http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag
says :

"This flag also prevents script from reading from or writing to the document.cookie IDL attribute, and blocks access to localStorage."

it seems that indexedDB access should also be blocked when this flag is set (ie when 'allow-same-origin' is NOT specified for the sandbox attribute).

i intend to implement this restriction in Gecko, feedback from other implementors is welcome :)

thanks !
Ian

Received on Tuesday, 7 August 2012 00:09:22 UTC