W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2012

Re: [whatwg] iframe sandbox and indexedDB

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 7 Sep 2012 04:10:23 +0000 (UTC)
To: Ian Melven <imelven@mozilla.com>
Message-ID: <Pine.LNX.4.64.1209070408530.30734@ps20323.dreamhostps.com>
Cc: whatwg@lists.whatwg.org
On Mon, 6 Aug 2012, Ian Melven wrote:
> 
> the spec at 
> http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag 
> says :
> 
> "This flag also prevents script from reading from or writing to the 
> document.cookie IDL attribute, and blocks access to localStorage."
> 
> it seems that indexedDB access should also be blocked when this flag is 
> set (ie when 'allow-same-origin' is NOT specified for the sandbox 
> attribute).

It is, assuming that IndexedDB is based on the origin of the document. The 
spec doesn't mention it because IndexedDB isn't part of the HTML spec. 
Note that the sentence you cited is non-normative (or rather, it contains 
no normative statements), so that whether it mentions IndexedDB or not 
doesn't change anything about what the spec says.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 7 September 2012 04:10:49 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:45 UTC