[whatwg] iframe sandbox and indexedDB
Ian Melven
imelven at mozilla.com
Mon Aug 6 17:08:39 PDT 2012
Hi,
the spec at http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag
says :
"This flag also prevents script from reading from or writing to the document.cookie IDL attribute, and blocks access to localStorage."
it seems that indexedDB access should also be blocked when this flag is set (ie when 'allow-same-origin' is NOT specified for the sandbox attribute).
i intend to implement this restriction in Gecko, feedback from other implementors is welcome :)
thanks !
Ian
More information about the whatwg
mailing list