[whatwg] iframe sandbox and indexedDB
ian at hixie.ch
Thu Sep 6 21:14:25 PDT 2012
On Mon, 6 Aug 2012, Ian Melven wrote:
> Adom wrote:
> > Yes. I think this is actually a consequence of having a unique origin
> > and doesn't need to be stated explicitly in the spec. (Although we
> > might want to state it explicitly for the avoidance of doubt.)
> yeah, i can see how this situation behaves being implementation
> dependent - some implementations might allow storing data for the unique
> origin, which seems undesirable. So, it might be worth stating the
> restriction explicitly, as it is for LocalStorage.
The restriction on localStorage is just because of the following
requirement in the Web Storage chapter:
2. If the Document's origin is not a scheme/host/port tuple, then throw a
SecurityError exception and abort these steps.
It has nothing specifically to do with sandboxing. The same would happen,
e.g., if the page was a data: URL typed by a user (which is another case
where the page's origin isn't a tuple). Whatever part of IndexedDB says
what should happen for documents from handtyped data: URLs and any other
situations with non-tuple origins should automatically cover the case of
sandboxed content as well.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg