| 08:24 | <jfernandez> | annevk: I've created a separated PR for the safelist update proposal, so that we can discuss each new protocol separately, as it was somehow suggested in the Mozilla standard position issue. I hope this new approach is seeing as positive and doesn't add more confusion to an already complex issue. If that's the case, I'm happy to continue the discussion in the PR that tries to add all the dweb schemes altogether. https://github.com/whatwg/html/pull/7911 |
| 22:44 | <Andrew Williams> | If a worker is created from a data URL by https://example.com, will that worker be considered a secure context? |
| 22:49 | <Andrew Williams> | Per [1] it seems the data URL would be potentially trustworthy, although the worker would have an opaque origin [2] which wouldn't be trustworthy per [3] [1] https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy [2] https://html.spec.whatwg.org/multipage/workers.html#set-up-a-worker-environment-settings-object [3] https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy |
| 22:57 | <Andrew Williams> | but maybe all that matters is that the document creating the worker is a secure context? [4] [4] https://html.spec.whatwg.org/multipage/webappapis.html#secure-contexts |