Note that phishing attacks are out of scope.
For storage channels, data is not directly transmitted to an outside source; however, any security labels need to be persisted along with the data, or these need to be delayed channels.
We assume that each origin may be its own security principal. In addition, we have a LOCAL_ONLY label for data that should never leave the client.
Since XHR can be used to pull sensitive data from different pages, we need to handle its results with some care.
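The label model described above (one principal per origin, a LOCAL_ONLY label, labels persisted with stored data, and labelled XHR results) can be modelled as follows. This is an added example, not code from this document: the function names and the flow rule (data may go only to the single origin named in its label, and never if it carries LOCAL_ONLY) are assumptions made for illustration.

```javascript
// Added illustration; all names and the flow rule are assumptions.
const LOCAL_ONLY = "LOCAL_ONLY";

// A labelled value carries a set of principals (origins) and/or LOCAL_ONLY.
function labeled(value, label) {
  return Object.freeze({ value, label: new Set(label) });
}

// Anything computed from several inputs carries the union of their labels.
function combine(fn, ...inputs) {
  const label = new Set(inputs.flatMap((v) => [...v.label]));
  return labeled(fn(...inputs.map((v) => v.value)), label);
}

// An XHR result is labelled with the origin it was fetched from.
function labelResponse(url, body) {
  return labeled(body, [new URL(url).origin]);
}

// Assumed flow rule: LOCAL_ONLY never leaves the client; otherwise every
// principal in the label must be the destination origin itself.
function mayFlowTo(item, destUrl) {
  const dest = new URL(destUrl).origin;
  if (item.label.has(LOCAL_ONLY)) return false;
  return [...item.label].every((p) => p === dest);
}

// Storage channel: the label is written next to the data so that it
// survives until the value is read back.
function persist(store, key, item) {
  store.set(key, JSON.stringify({ value: item.value, label: [...item.label] }));
}

function restore(store, key) {
  const raw = store.get(key);
  if (raw === undefined) return undefined;
  const { value, label } = JSON.parse(raw);
  return labeled(value, label);
}

// Constructed sample data: a Map stands in for client-side storage.
const store = new Map();
const inbox = labelResponse("https://mail.example/inbox", "subject: payroll");
persist(store, "cache", inbox);
console.log(mayFlowTo(restore(store, "cache"), "https://ads.example/collect"));
```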
In this section we discuss a possible approach to limit a script's access to the DOM.