Hi, the spec at http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#sandboxed-origin-browsing-context-flag says :
"This flag also prevents script from reading from or writing to the document.cookie IDL attribute, and blocks access to localStorage." it seems that indexedDB access should also be blocked when this flag is set (ie when 'allow-same-origin' is NOT specified for the sandbox attribute). i intend to implement this restriction in Gecko, feedback from other implementors is welcome :) thanks ! Ian
