[whatwg] Should DOM storage objects be mapped by an "effective script origin" rather than just an "origin"?
honzab at allpeers.com
Tue May 26 00:31:15 PDT 2009
See also Mozilla bug https://bugzilla.mozilla.org/show_bug.cgi?id=494799
Effective script origin driven by document.domain is used to allow
sharing of properties and data among pages coming from different
subdomains. Should this "data sharing" apply also to sessionStorage and
localStorage? It means: a page loaded from http://test.mysite.com
accessing sessionStorage would get sessionStorage bound to
http://test.mysite.com. When that same page then changes document.domain
to http://mysite.com, the sessionStorage it gets now should be a different
object, bound to http://mysite.com. A reason to do this is also because
of security checking. The subject's origin changes to http://mysite.com
and access to sessionStorage bound to http://test.mysite.com should not
be allowed (origins are not equal).
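
The two keying choices the message contrasts, as an added example that is not part of the original post or of any browser's code: a simplified model in which storage areas are looked up either by origin or by effective script origin. The page objects, `StorageRegistry` and `scenario` are hypothetical names, and the effective script origin is reduced here to the scheme plus the host given to document.domain.

```javascript
// Simplified model (not browser code): a page is { url, documentDomain }.
// documentDomain stays null until the page assigns document.domain.
function origin(page) {
  const u = new URL(page.url);
  return `${u.protocol}//${u.host}`; // derived from the URL only
}

function effectiveScriptOrigin(page) {
  if (page.documentDomain === null) return origin(page);
  const u = new URL(page.url);
  // Assumption: once document.domain is set, the host is replaced by it.
  return `${u.protocol}//${page.documentDomain}`;
}

// Registry of storage areas, keyed by whichever function is passed in.
class StorageRegistry {
  constructor(keyFn) {
    this.keyFn = keyFn;
    this.areas = new Map();
  }
  areaFor(page) {
    const key = this.keyFn(page);
    if (!this.areas.has(key)) this.areas.set(key, new Map());
    return this.areas.get(key);
  }
}

// Constructed scenario: two sibling subdomains of mysite.com.
function scenario(keyFn) {
  const reg = new StorageRegistry(keyFn);
  const test = { url: "http://test.mysite.com/", documentDomain: null };
  const other = { url: "http://other.mysite.com/", documentDomain: null };
  reg.areaFor(test).set("token", "written-before-domain-change");
  test.documentDomain = "mysite.com"; // both pages relax document.domain
  other.documentDomain = "mysite.com";
  return {
    testStillSeesOwnData: reg.areaFor(test).has("token"),
    siblingSharesArea: reg.areaFor(test) === reg.areaFor(other),
  };
}

const byOrigin = scenario(origin);
const byEffective = scenario(effectiveScriptOrigin);
console.log({ byOrigin, byEffective });
```

Keyed by origin, the page keeps its data and the sibling subdomain stays isolated; keyed by effective script origin, the page lands in a new, empty area that every subdomain setting the same document.domain also reaches.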