<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>The spec at <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/section-sql.html#sql">http://www.whatwg.org/specs/web-apps/current-work/multipage/section-sql.html#sql</a> states that "<span class="Apple-style-span" style="line-height: 21px; ">Each <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/section-scripting.html#origin0" style="color: rgb(102, 0, 153); background-image: initial; background-repeat: initial; background-attachment: initial; -webkit-background-clip: initial; -webkit-background-origin: initial; background-color: transparent; background-position: initial initial; ">origin</a> has an associated set of databases.<span class="Apple-style-span" style="line-height: normal; ">"</span></span></div><div><br class="webkit-block-placeholder"></div><div><span class="Apple-style-span" style="line-height: 21px; "><span class="Apple-style-span" style="line-height: normal; ">Origins are described at <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/section-scripting.html#origin0">http://www.whatwg.org/specs/web-apps/current-work/multipage/section-scripting.html#origin0</a> and basically boil down to <scheme>,<host>,<port></span></span></div><div><br class="webkit-block-placeholder"></div><div>To me, this implies that a page hosted at "<a href="http://www.foo.com:80/user1">http://www.foo.com:80/user1</a>" has access to all databases that were created by "<a href="http://www.foo.com:80/user2">http://www.foo.com:80/user2</a>"</div><div><br class="webkit-block-placeholder"></div><div>Even if the page at "<a href="http://www.foo.com:80/user1">http://www.foo.com:80/user1</a>" needs to know the database name and the correct version from <a href="http://www.foo.com:80/user2">http://www.foo.com:80/user2</a>", this seems like a glaring security issue.</div><div><br class="webkit-block-placeholder"></div><div>Am I misreading the spec or missing some other detail that would prevent this hole?</div><div><br class="webkit-block-placeholder"></div><div>Thanks,</div><div>Brady</div></body></html>