[whatwg] globalStorage scope issue
ian at hixie.ch
Mon Nov 14 12:27:08 PST 2005
On Mon, 14 Nov 2005, Hallvord R M Steen wrote:
> globalStorage['example.co.uk'] should not be available to 'co.uk' as a
> whole. There is no clear distinction between chopping one part off and
> going from 'www.example.org' to 'example.org' and going from
> 'example.co.uk' to 'co.uk'.
"Accessible to co.uk" does not mean "Accessible to *.co.uk". If you can
get a host to respond to http://co.uk/, then I see no reason why it
shouldn't be able to see http://example.co.uk/'s data.
Why would you want to restrict this? It's specifically designed to work in
the scenarios that cookies fail in.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg