Hi,

Is there any particular reason why we restrict blob URLs to the same origin as the script that created them? In effect they are pretty much like capability URLs (containing an unguessable token). So if someone decides to share one, that should be okay I think. This would be useful in the context of sandboxed code (<iframe sandbox>) and presumably elsewhere too.

Cheers,

--
http://annevankesteren.nl/
