On 4/19/2010 10:08 PM, Jeremy Orlow wrote:
In the thread you linked to earlier, it was suggested that user agents could also factor in the top level domain into the cap (e.g. example.com only gets 50MB of space).On Tue, Apr 13, 2010 at 3:09 AM, Mark Seaborn<mseab...@chromium.org> wrote:2) It is too permissive because it enforces no limit on the amount of space a web app can use: A web app from example.com can create an unlimited number of puppet subdomains: aaa.example.com, bbb.example.com, etc. It can use aaa.example.com's 5Mb allocation by loading a script from aaa.example.com in an iframe and communicating with it using postMessage().As far as I'm aware, no one (including Chromium) has a solution to at the moment. Which probably should be a cause for concern. :-)
But really, I don't see how any of this is testable in a deterministic matter, so I don't see the point in adding it to the spec.
Cheers, Shawn
smime.p7s
Description: S/MIME Cryptographic Signature
