[whatwg] iframe sandbox and indexedDB
Ian Hickson
ian at hixie.ch
Thu Sep 6 21:10:23 PDT 2012
On Mon, 6 Aug 2012, Ian Melven wrote:
>
> the spec at
> http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag
> says :
>
> "This flag also prevents script from reading from or writing to the
> document.cookie IDL attribute, and blocks access to localStorage."
>
> it seems that indexedDB access should also be blocked when this flag is
> set (ie when 'allow-same-origin' is NOT specified for the sandbox
> attribute).
It is, assuming that IndexedDB is based on the origin of the document. The
spec doesn't mention it because IndexedDB isn't part of the HTML spec.
Note that the sentence you cited is non-normative (or rather, it contains
no normative statements), so that whether it mentions IndexedDB or not
doesn't change anything about what the spec says.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list