On Wed, Apr 23, 2014 at 10:12 PM, Andrew Sutherland
<[email protected]> wrote:
>> Another solution is to define that sandboxed pages with scripts
>> disabled can't load from local urls. At least not unless explicitly
>> allowed by some new sandbox flag.
>
> This seems unintuitive.
>
> I think the simplest/best option is just to not expose/map the indexedDB URI
> scheme unless it is explicitly requested.

The problem is that this simply reduces the problem. It doesn't solve
it. I.e. if I have a database which I do want to be able to get data
from using indexeddb: URLs for my own pages, how do I protect myself
from 3rd party content reading from that database?

Another thing to keep in mind is that multiple people often work on
the same website. Just because one person knows that he needs to
access indexeddb: URLs for a particular database, doesn't mean that
another person knows that running 3rd party content in-origin now
enables that 3rd party content to read from a particular database.

I think very few use cases would get broken by equating "reading from
indexeddb://" to "running script".

/ Jonas
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
