search

LavaMoat / snow

Use Snow to finally secure your web app's same origin realms!
https://lavamoat.github.io/snow/demo/
MIT License
102 stars 9 forks source link

Disable creation of URL objects out of Blob/File #69

Closed weizman closed 1 year ago

weizman commented 1 year ago

  1. 43 was introduced by @arxenix

  2. A fix attempt #45 was introduced by @weizman
  3. @arxenix proved #45 was still not sufficient as a fix
  4. @weizman decided to revisit in the future
  5. This PR #69 is to strictly disable creation of URL object out of Blob/File until a clever solution is found
  6. This descision is based on not finding major standard web applications that will be affected by (5)