[whatwg] iframe sandbox and indexedDB

Ian Melven imelven at mozilla.com
Mon Aug 6 17:08:39 PDT 2012


the spec at http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag
says :

"This flag also prevents script from reading from or writing to the document.cookie IDL attribute, and blocks access to localStorage."

it seems that indexedDB access should also be blocked when this flag is set (ie when 'allow-same-origin' is NOT specified for the sandbox attribute).

i intend to implement this restriction in Gecko, feedback from other implementors is welcome :)

thanks !

More information about the whatwg mailing list