Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Store HTTPS state on Blob objects #35

Closed
annevk opened this issue Apr 4, 2016 · 3 comments
Closed

Store HTTPS state on Blob objects #35

annevk opened this issue Apr 4, 2016 · 3 comments
Labels
normative change

Comments

@annevk
Copy link
Member

annevk commented Apr 4, 2016

See whatwg/html#929 for details.
@annevk annevk mentioned this issue Apr 4, 2016
Closed
@mikewest
Copy link
Member

mikewest commented Apr 4, 2016

Note that this will solve at least one source of CSP bypasses (request data from the web, put it into a blob, then window.open the blob). It's something I'm interested in doing for Chrome, I just haven't taken time yet.

@annevk
Copy link
Member Author

annevk commented Jan 9, 2020

Perhaps #142 is a better solution here as you could always retrieve the bytes from a Blob object and put them in another Blob object to circumvent this strategy.

@annevk
Copy link
Member Author

annevk commented Aug 5, 2020

We achieved an even better solution, removal of HTTPS state: whatwg/fetch#1067.

@annevk annevk closed this as completed Aug 5, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
normative change
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mikewest @inexorabletash @annevk