[whatwg] Feedback on Web Worker specification

Jeffrey Pfau jpfau at apple.com
Wed Aug 22 13:29:22 PDT 2012


While working on enhancing WebKit's privacy infrastructure, I noticed that shared workers don't have a UA security policy escape clause like localStorage and other APIs. The process to create a shared worker does not allow UAs to abort creation with a SecurityError if it decides that a document, origin, or script violates the UA's security policy.

Adding something like the following (based on the localStorage policy clause) to the SharedWorker constructor steps would help:

The user agent may throw a SecurityError exception instead of returning a SharedWorker object if the request violates a policy decision (e.g. if the user agent is configured to not allow the  script to share data).

What do you think?


More information about the whatwg mailing list