[whatwg] Caching offline Web applications
Ian Hickson
ian at hixie.ch
Tue Oct 21 12:47:43 PDT 2008
On Tue, 21 Oct 2008, Dave Camp wrote:
> On Fri, Oct 17, 2008 at 6:36 PM, Ian Hickson <ian at hixie.ch> wrote:
> > Summary of changes:
>
> > * Made application caches scoped to their browsing context, and allowed
> > iframes to start new scopes. By default the contents of an iframe are
> > part of the appcache of the parent, but if you declare a manifest, you
> > get your own cache.
>
> Should this inheritance be subject to the same origin restriction
> enforced while selecting a cache during navigation?
The same-origin restriction is intended to prevent people from setting up
their manifests such that another site will stop being fetched from the
net. In an iframe, the risk isn't present, since you have to go to the
evil site in the first place, and it has to explicitly pick the victim
site in an iframe. Since you can't tell what the URL of the victim iframe
content is anyway, there's no practical difference between it being on a
remote site or the same site, as far as i can tell.
No?
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list