Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

What is the "sandboxed storage area URLs flag"? #3862

Closed
domenic opened this Issue Jul 30, 2018 · 6 comments

Comments

2 participants
@domenic
Copy link
Member

domenic commented Jul 30, 2018

This isn't referenced in the spec, and I couldn't find it in Google either.

My best guess is this is meant to have sandbox censor access to the nonstandard filesystem:// URLs that Chrome supports? If so, maybe it doesn't belong in the HTML spec...

/cc @mkruisselbrink as someone who might have an idea.

@mkruisselbrink

This comment has been minimized.

Copy link
Contributor

mkruisselbrink commented Jul 30, 2018

So you're talking about https://html.spec.whatwg.org/multipage/origin.html#sandboxed-storage-area-urls-flag? Not sure either, my guess would be this would be to prevent a same origin sandboxed iframe from accessing its own origins storage?

@mkruisselbrink

This comment has been minimized.

Copy link
Contributor

mkruisselbrink commented Jul 30, 2018

But my guess is probably wrong, maybe git history can help us figure out why it was introduced...

@mkruisselbrink

This comment has been minimized.

Copy link
Contributor

mkruisselbrink commented Jul 30, 2018

FWIW bae9fc5 added the data-export flag, supposedly because CSP uses the term...

/cc @mikewest

@mkruisselbrink

This comment has been minimized.

Copy link
Contributor

mkruisselbrink commented Jul 30, 2018

Ah, but 120b555 actually added the flag and claims it is for use by fetch..

@mkruisselbrink

This comment has been minimized.

Copy link
Contributor

mkruisselbrink commented Jul 30, 2018

And yes, looks like @domenic's initial guess was right, fetch sort of uses it, but only for filesystem: URLs, which are otherwise undefined and non-standard anyway...

@domenic

This comment has been minimized.

Copy link
Member Author

domenic commented Jul 30, 2018

Ah, great find, thank you for the detective work. I guess we can close this since Fetch uses it, and we'll remember to remove it from HTML if it ever gets removed from Fetch.

@domenic domenic closed this Jul 30, 2018

annevk added a commit that referenced this issue Feb 22, 2019

Editorial: remove sandboxed storage area URLs flag
This is not defined to have an effect. I.e., the ideas in https://www.w3.org/Bugs/Public/show_bug.cgi?id=25734 never materialized.

See also #3862 and whatwg/fetch#846.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.