Hi, While working on enhancing WebKit's privacy infrastructure, I noticed that shared workers don't have a UA security policy escape clause like localStorage and other APIs. The process to create a shared worker does not allow UAs to abort creation with a SecurityError if it decides that a document, origin, or script violates the UA's security policy.
Adding something like the following (based on the localStorage policy clause) to the SharedWorker constructor steps would help: The user agent may throw a SecurityError exception instead of returning a SharedWorker object if the request violates a policy decision (e.g. if the user agent is configured to not allow the script to share data). What do you think? Jeffrey
