On Wed, Mar 27, 2013 at 2:41 AM, Anne van Kesteren <ann...@annevk.nl> wrote: >> However we'd still need to nail down what the new behavior should be. >> Should it behave like data: URLs? The main advantage of those is that >> implementations still don't agree on how those should behave. > > I'm not sure what that means. I can easily postMessage() a data URL to > an <iframe> of another origin and that <iframe> can then load the data > URL in an <img> and have it work (obviously, as the data URL is > self-contained).
The question is, what happens if you do: <iframe src="blob:..." id=iframe> iframe.onload = function() { iframe.contentWindow.document; // throws or not? } What if the blob-url was created in another origin, does that make a difference? For data: URIs different browsers behave differently in the example above. Same question applies if you create an <img src="blob:..."> and then drawImage it into a canvas, does the canvas get tainted? Again, I think different browsers do different things for data: URLs here. / Jonas