W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2012

[whatwg] Feedback on Web Worker specification

From: Jeffrey Pfau <jpfau@apple.com>
Date: Wed, 22 Aug 2012 13:29:22 -0700
Message-id: <AFB58051-7AAB-464A-A04B-B9E852BCF17A@apple.com>
To: "whatwg@whatwg.org" <whatwg@whatwg.org>
Hi,

While working on enhancing WebKit's privacy infrastructure, I noticed that shared workers don't have a UA security policy escape clause like localStorage and other APIs. The process to create a shared worker does not allow UAs to abort creation with a SecurityError if it decides that a document, origin, or script violates the UA's security policy.

Adding something like the following (based on the localStorage policy clause) to the SharedWorker constructor steps would help:

The user agent may throw a SecurityError exception instead of returning a SharedWorker object if the request violates a policy decision (e.g. if the user agent is configured to not allow the  script to share data).

What do you think?

Jeffrey
Received on Wednesday, 22 August 2012 20:29:34 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:44 UTC