[whatwg] Feedback on Web Worker specification
jpfau at apple.com
Wed Aug 22 13:29:22 PDT 2012
While working on enhancing WebKit's privacy infrastructure, I noticed that shared workers don't have a UA security policy escape clause like localStorage and other APIs. The process to create a shared worker does not allow UAs to abort creation with a SecurityError if it decides that a document, origin, or script violates the UA's security policy.
Adding something like the following (based on the localStorage policy clause) to the SharedWorker constructor steps would help:
The user agent may throw a SecurityError exception instead of returning a SharedWorker object if the request violates a policy decision (e.g. if the user agent is configured to not allow the script to share data).
What do you think?
More information about the whatwg