- From: Adam Barth <w3c@adambarth.com>
- Date: Sun, 24 Feb 2013 20:30:30 -0800
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WHATWG <whatwg@whatwg.org>
I don't think there is a security problem with that. It's just a question of how much it complicates the model. Adam On Sun, Feb 24, 2013 at 10:32 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > Say <img> does a cross-origin request. The response to that request is > a redirect with the appropriate CORS headers set. The new location is > a data URL. Should that URL be tainted or not? I tend to think we > should make that work. > > (By the way, if you're interested. I'm working on a new specification > that merges HTML fetch and CORS, named Fetch. > http://wiki.whatwg.org/wiki/Fetch has the rough outline so far, > including an algorithm at the bottom. The idea is that everything in > the platform that does network requests ties into that (in particular > the fetch function which dispatches as appropriate).) > > > -- > http://annevankesteren.nl/
Received on Monday, 25 February 2013 04:31:30 UTC