Re: File API: why is there same-origin restriction on blob URLs?

2013-03-30 Thread Anne van Kesteren
On Sat, Mar 30, 2013 at 1:42 AM, Jonas Sicking wrote:
> The reason that data: is relevant there is that blob: is proposed to behave
> the same as data:.

So the way a CORS fetch works in HTML is that it special cases data URLs and about:blank to be in the same category as same-origin URLs. XMLHttp

Re: Clipboard API: Stripping script element

2013-03-30 Thread Anne van Kesteren
On Fri, Mar 29, 2013 at 11:21 PM, Paul Libbrecht wrote:
> It seems highly implementation dependent to decide on the security
> of a fragment of content.

I don't see why it would be. The whole idea is that browsers support the same set of features, so the security implications are the same. We're