W3C home > Mailing lists > Public > www-dom@w3.org > January to March 2014

Re: Data uri origin inheritance

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 15 Jan 2014 10:34:15 -0500
Message-ID: <52D6AA77.9010802@mit.edu>
To: www-dom@w3.org
On 1/15/14 8:00 AM, Joćo Eiras wrote:
>  From what I understood, if I have some navigation action from A to B
> with a data uri, B will inherit the origin from A

How are you doing the navigation, exactly?

> But if that navigation action is triggered by a script, B
> will inherit the origin of the Window under which the script ran. Correct ?

It will alias the origin and effective script origin of whatever window 
was incumbent at the point the navigation was triggered.

> Is there any
> situation where the script would be in a different origin from A ? The
> only thing I came up with was fiddling with document.domain

I believe that's correct for the origin bits.

But note that there are things other than origin that we may want to 
inherit here.  For example, CSP settings.

> have A still, have a third C document in an iframe which runs in a sub-domain
> of A, assign document.domain and run a script in C which tells A to
> navigate to the data uri.

I think that testcase is backwards.  You want to run a script in C 
(whether triggered by A or not) and that script directly navigates B. 
In that situation B will alias the origin of C.

> In what other ways is this possible to test ? What's the use case for
> this ?

The use case for data: URIs aliasing origins at all?  Or for the 
specific determination of which origin to alias when you're navigated 
from JS and the callstack has stackframes from different origins?

Received on Wednesday, 15 January 2014 15:34:43 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 10:46:22 UTC