Re: [last call feedback] Last Call of Web Crypto API; deadline May 20

2014-05-16 Thread Ryan Sleevi
On May 16, 2014 7:20 PM, "Jonas Sicking" wrote:
>
> On Tue, Mar 25, 2014 at 12:31 PM, Arthur Barstow wrote:
> > WebApps was asked to review the Last Call Working Draft of the Web Crypto
> > API:
> >
> > Individual WG members are enco

[last call feedback] Last Call of Web Crypto API; deadline May 20

2014-05-16 Thread Jonas Sicking
On Tue, Mar 25, 2014 at 12:31 PM, Arthur Barstow wrote:
> WebApps was asked to review the Last Call Working Draft of the Web Crypto
> API:
>
> Individual WG members are encouraged to provide individual feedback.

I don't really have the c

Re: Blob URL Origin

2014-05-16 Thread Jonas Sicking
On Fri, May 16, 2014 at 8:15 AM, Boris Zbarsky wrote:
> On 5/16/14, 11:08 AM, Anne van Kesteren wrote:
>>
>> Not tainting ? Same-origin ? Doesn't matter?
>
> The same-origin bit. I think everyone is on board with not
> tainting for data: things.

And I agree with them. The fact that s end up sa

Re: Blob URL Origin

2014-05-16 Thread Boris Zbarsky
On 5/16/14, 11:08 AM, Anne van Kesteren wrote:
> Not tainting ? Same-origin ? Doesn't matter?

The same-origin bit. I think everyone is on board with not tainting for data: things.

-Boris

Re: Blob URL Origin

2014-05-16 Thread Glenn Maynard
On Fri, May 16, 2014 at 9:11 AM, Anne van Kesteren wrote:
> I think the sad thing is that if you couple origins with blob URLs you
> can no longer hand a blob URL to an -based widget and let them
> play with it. E.g. draw, modify, and hand a URL back for the modified
> image. But I guess this is

Re: Blob URL Origin

2014-05-16 Thread Anne van Kesteren
On Fri, May 16, 2014 at 5:04 PM, Boris Zbarsky wrote:
> On 5/16/14, 10:39 AM, Anne van Kesteren wrote:
>>> The fact that some UAs don't want to implement it?
>>
>> Do we know why?
>
> They think it's a security problem.

Not tainting ? Same-origin ? Doesn't matter?

--
http://annevankesteren.nl/

Re: Blob URL Origin

2014-05-16 Thread Boris Zbarsky
On 5/16/14, 10:39 AM, Anne van Kesteren wrote:
>> The fact that some UAs don't want to implement it?
>
> Do we know why?

They think it's a security problem.

-Boris

Re: Blob URL Origin

2014-05-16 Thread Anne van Kesteren
On Fri, May 16, 2014 at 4:31 PM, Boris Zbarsky wrote:
> On 5/16/14, 10:11 AM, Anne van Kesteren wrote:
>> What exactly is wrong with the data URL model that we have today
>
> The fact that some UAs don't want to implement it?

Do we know why?

>> But I guess this is a scenario you explicitly want

Re: Blob URL Origin

2014-05-16 Thread Boris Zbarsky
On 5/16/14, 10:11 AM, Anne van Kesteren wrote:
> What exactly is wrong with the data URL model that we have today

The fact that some UAs don't want to implement it?

> and how do we plan on fixing it?

We don't have a plan yet.

> But I guess this is a scenario you explicitly want to outlaw, even

Re: Blob URL Origin

2014-05-16 Thread Anne van Kesteren
On Thu, May 15, 2014 at 8:17 PM, Jonas Sicking wrote:
> I did. It's not very attractive to use the model of something that so
> far we haven't been able to make work consistently across UAs, and
> which isn't looking like we will be able to get consistently working
> across UAs for a long time to