[whatwg] iframe sandbox and indexedDB
imelven at mozilla.com
Mon Aug 6 17:08:39 PDT 2012
the spec at http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag
"This flag also prevents script from reading from or writing to the document.cookie IDL attribute, and blocks access to localStorage."
it seems that indexedDB access should also be blocked when this flag is set (ie when 'allow-same-origin' is NOT specified for the sandbox attribute).
i intend to implement this restriction in Gecko, feedback from other implementors is welcome :)
More information about the whatwg