- From: Ian Hickson <ian@hixie.ch>
- Date: Fri, 7 Sep 2012 04:10:23 +0000 (UTC)
- To: Ian Melven <imelven@mozilla.com>
- Cc: whatwg@lists.whatwg.org
On Mon, 6 Aug 2012, Ian Melven wrote: > > the spec at > http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag > says : > > "This flag also prevents script from reading from or writing to the > document.cookie IDL attribute, and blocks access to localStorage." > > it seems that indexedDB access should also be blocked when this flag is > set (ie when 'allow-same-origin' is NOT specified for the sandbox > attribute). It is, assuming that IndexedDB is based on the origin of the document. The spec doesn't mention it because IndexedDB isn't part of the HTML spec. Note that the sentence you cited is non-normative (or rather, it contains no normative statements), so that whether it mentions IndexedDB or not doesn't change anything about what the spec says. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 7 September 2012 04:10:49 UTC