CVS html5/webstorage

Update of /sources/public/html5/webstorage
In directory roscoe:/tmp/cvs-serv24699

Modified Files:
	Overview.html 
Log Message:
Cleanup (whatwg r7819)

--- /sources/public/html5/webstorage/Overview.html	2013/04/01 17:57:47	1.218
+++ /sources/public/html5/webstorage/Overview.html	2013/04/12 21:29:10	1.219
@@ -215,7 +215,7 @@
    <p><a href="http://www.w3.org/"><img alt="W3C" height="48" src="http://www.w3.org/Icons/w3c_home" width="72"></a></p>
 
    <h1>Web Storage</h1>
-   <h2 class="no-num no-toc" id="editor-s-draft-1-april-2013">Editor's Draft 1 April 2013</h2>
+   <h2 class="no-num no-toc" id="editor-s-draft-12-april-2013">Editor's Draft 12 April 2013</h2>
    <dl><dt>Latest Published Version:</dt>
     <dd><a href="http://www.w3.org/TR/webstorage/">http://www.w3.org/TR/webstorage/</a></dd>
     <dt>Latest Editor's Draft:</dt>
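Review bot: The id on the changed h2 embeds the draft date (id="editor-s-draft-12-april-2013"), so the fragment changes on every regeneration and links to the previous id (editor-s-draft-1-april-2013) stop resolving. If nothing depends on the dated id, a date-independent one would keep the anchor stable. The log message says "Cleanup", but this hunk is a date bump, which is worth a word in the message.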
@@ -351,7 +351,7 @@
   </dl><p>The W3C <a href="http://www.w3.org/2008/webapps/">Web Applications
   Working Group</a> is the W3C working group responsible for this
   specification's progress along the W3C Recommendation track.
-  This specification is the 1 April 2013 Editor's Draft.
+  This specification is the 12 April 2013 Editor's Draft.
   </p>
 
   
@@ -872,66 +872,53 @@
   <a href="#storage-0">Storage</a>? storageArea;
 };</pre>
 
-  <p>The <dfn id="dom-storageevent-key" title="dom-StorageEvent-key"><code>key</code></dfn>
-  attribute must return the value it was initialized to. When the
-  object is created, this attribute must be initialized to null. It
+  <p>The <dfn id="dom-storageevent-key" title="dom-StorageEvent-key"><code>key</code></dfn> attribute must return the value it
+  was initialized to. When the object is created, this attribute must be initialized to null. It
   represents the key being changed.</p>
 
-  <p>The <dfn id="dom-storageevent-oldvalue" title="dom-StorageEvent-oldValue"><code>oldValue</code></dfn>
-  attribute must return the value it was initialized to. When the
-  object is created, this attribute must be initialized to null. It
-  represents the old value of the key being changed.</p>
-
-  <p>The <dfn id="dom-storageevent-newvalue" title="dom-StorageEvent-newValue"><code>newValue</code></dfn>
-  attribute must return the value it was initialized to. When the
-  object is created, this attribute must be initialized to null. It
-  represents the new value of the key being changed.</p>
-
-  <p>The <dfn id="dom-storageevent-url" title="dom-StorageEvent-url"><code>url</code></dfn>
-  attribute must return the value it was initialized to. When the
-  object is created, this attribute must be initialized to the empty
-  string. It represents the address of the document whose key
-  changed.</p>
-
-  <p>The <dfn id="dom-storageevent-storagearea" title="dom-StorageEvent-storageArea"><code>storageArea</code></dfn>
-  attribute must return the value it was initialized to. When the
-  object is created, this attribute must be initialized to null. It
-  represents the <code><a href="#storage-0">Storage</a></code> object that was affected.</p>
+  <p>The <dfn id="dom-storageevent-oldvalue" title="dom-StorageEvent-oldValue"><code>oldValue</code></dfn> attribute must return
+  the value it was initialized to. When the object is created, this attribute must be initialized to
+  null. It represents the old value of the key being changed.</p>
+
+  <p>The <dfn id="dom-storageevent-newvalue" title="dom-StorageEvent-newValue"><code>newValue</code></dfn> attribute must return
+  the value it was initialized to. When the object is created, this attribute must be initialized to
+  null. It represents the new value of the key being changed.</p>
+
+  <p>The <dfn id="dom-storageevent-url" title="dom-StorageEvent-url"><code>url</code></dfn> attribute must return the value it
+  was initialized to. When the object is created, this attribute must be initialized to the empty
+  string. It represents the address of the document whose key changed.</p>
+
+  <p>The <dfn id="dom-storageevent-storagearea" title="dom-StorageEvent-storageArea"><code>storageArea</code></dfn> attribute must
+  return the value it was initialized to. When the object is created, this attribute must be
+  initialized to null. It represents the <code><a href="#storage-0">Storage</a></code> object that was affected.</p>
 
 
 
   <h3 id="threads"><span class="secno">4.5 </span>Threads</h3>
 
-  <p>Because of <a href="#localStorageMutex">the use</a> of the
-  <span>storage mutex</span>, multiple browsing contexts will be able
-  to access the local storage areas simultaneously in such a manner
+  <p>Because of <a href="#localStorageMutex">the use</a> of the <span>storage mutex</span>, multiple
+  browsing contexts will be able to access the local storage areas simultaneously in such a manner
   that scripts cannot detect any concurrent script execution.</p>
 
-  <p>Thus, the <code title="dom-Storage-length"><a href="#dom-storage-length">length</a></code>
-  attribute of a <code><a href="#storage-0">Storage</a></code> object, and the value of the
-  various properties of that object, cannot change while a script is
-  executing, other than in a way that is predictable by the script
-  itself.</p>
+  <p>Thus, the <code title="dom-Storage-length"><a href="#dom-storage-length">length</a></code> attribute of a <code><a href="#storage-0">Storage</a></code>
+  object, and the value of the various properties of that object, cannot change while a script is
+  executing, other than in a way that is predictable by the script itself.</p>
 
 
   <h2 id="disk-space"><span class="secno">5 </span>Disk space</h2>
 
+  <p>User agents should limit the total amount of space allowed for storage areas, because hostile
+  authors could otherwise use this feature to exhaust the user's available disk space.</p>
 
-  <p>User agents should limit the total amount of space allowed for
-  storage areas, because hostile authors could otherwise use this feature to exhaust the user's available disk space.</p>
+  <p>User agents should guard against sites storing data under their origin's other affiliated
+  sites, e.g. storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc,
+  circumventing the main example.com storage limit.</p>
 
-  <p>User agents should guard against sites storing data under their
-  origin's other affiliated sites, e.g. storing up to the limit in
-  a1.example.com, a2.example.com, a3.example.com, etc, circumventing
-  the main example.com storage limit.</p>
-
-  <p>User agents may prompt the user when quotas are reached, allowing
-  the user to grant a site more space. This enables sites to store
-  many user-created documents on the user's computer, for
+  <p>User agents may prompt the user when quotas are reached, allowing the user to grant a site more
+  space. This enables sites to store many user-created documents on the user's computer, for
   instance.</p>
 
-  <p>User agents should allow users to see how much space each domain
-  is using.</p>
+  <p>User agents should allow users to see how much space each domain is using.</p>
 
   
 
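Review bot: In the re-wrapped Disk space text, "their origin's other affiliated sites" is still undefined, and the a1.example.com, a2.example.com, a3.example.com example only implies that the limit is meant to apply across subdomains of example.com. Since the paragraph is being touched anyway, consider stating which grouping the quota applies to. The list also ends in "etc," where "etc.," is expected. The StorageEvent and Threads changes in this hunk look like whitespace-only re-wrapping.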
@@ -943,26 +930,21 @@
 
   <h3 id="user-tracking"><span class="secno">6.1 </span>User tracking</h3>
 
-  <p>A third-party advertiser (or any entity capable of getting
-  content distributed to multiple sites) could use a unique identifier
-  stored in its local storage area to track a user across multiple
-  sessions, building a profile of the user's interests to allow for
-  highly targeted advertising. In conjunction with a site that is
-  aware of the user's real identity (for example an e-commerce site
-  that requires authenticated credentials), this could allow
-  oppressive groups to target individuals with greater accuracy than
-  in a world with purely anonymous Web usage.</p>
+  <p>A third-party advertiser (or any entity capable of getting content distributed to multiple
+  sites) could use a unique identifier stored in its local storage area to track a user across
+  multiple sessions, building a profile of the user's interests to allow for highly targeted
+  advertising. In conjunction with a site that is aware of the user's real identity (for example an
+  e-commerce site that requires authenticated credentials), this could allow oppressive groups to
+  target individuals with greater accuracy than in a world with purely anonymous Web usage.</p>
 
-  <p>There are a number of techniques that can be used to mitigate the
-  risk of user tracking:</p>
+  <p>There are a number of techniques that can be used to mitigate the risk of user tracking:</p>
 
   <dl><dt>Blocking third-party storage</dt>
    <dd>
 
-    <p>User agents may restrict access to the <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code> objects to scripts
-    originating at the domain of the top-level document of the
-    <span>browsing context</span>, for instance denying access to the
-    API for pages from other domains running in
+    <p>User agents may restrict access to the <code title="dom-localStorage"><a href="#dom-localstorage">localStorage</a></code>
+    objects to scripts originating at the domain of the top-level document of the <span>browsing
+    context</span>, for instance denying access to the API for pages from other domains running in
     <code>iframe</code>s.</p>
 
    </dd>
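Review bot: The "Blocking third-party storage" paragraph scopes the restriction to "the domain of the top-level document" and "pages from other domains", while section 7.3 later in this patch asks implementers to strictly follow the origin model. Consider using "origin" here as well, or saying why a domain-level comparison is intended, so the two sections do not read as describing different boundaries.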
@@ -973,20 +955,17 @@
     <p>User agents may, possibly in a manner configured by the user, automatically delete stored
     data after a period of time.</p>
 
-    <p>For example, a user agent could be configured to treat
-    third-party local storage areas as session-only storage, deleting
-    the data once the user had closed all the <span title="browsing
+    <p>For example, a user agent could be configured to treat third-party local storage areas as
+    session-only storage, deleting the data once the user had closed all the <span title="browsing
     context">browsing contexts</span> that could access it.</p>
 
-    <p>This can restrict the ability of a site to track a user, as the
-    site would then only be able to track the user across multiple
-    sessions when he authenticates with the site itself (e.g. by
+    <p>This can restrict the ability of a site to track a user, as the site would then only be able
+    to track the user across multiple sessions when he authenticates with the site itself (e.g. by
     making a purchase or logging in to a service).</p>
 
-    <p>However, this also reduces the usefulness of the API as a
-    long-term storage mechanism. It can also put the user's data at
-    risk, if the user does not fully understand the implications of
-    data expiration.</p>
+    <p>However, this also reduces the usefulness of the API as a long-term storage mechanism. It can
+    also put the user's data at risk, if the user does not fully understand the implications of data
+    expiration.</p>
 
     
 
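Review bot: In the third re-wrapped paragraph, "when he authenticates with the site itself" uses a gendered pronoun for the user. "when the user authenticates with the site itself" says the same thing and matches "the user" in the sentences around it.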
@@ -995,19 +974,15 @@
    <dt>Treating persistent storage as cookies</dt>
    <dd>
 
-    <p>If users attempt to protect their privacy by clearing cookies
-    without also clearing data stored in the local storage area, sites
-    can defeat those attempts by using the two features as redundant
-    backup for each other. User agents should present the interfaces
-    for clearing these in a way that helps users to understand this
-    possibility and enables them to delete data in all persistent
-    storage features simultaneously. <a href="#refsCOOKIES">[COOKIES]</a></p>
+    <p>If users attempt to protect their privacy by clearing cookies without also clearing data
+    stored in the local storage area, sites can defeat those attempts by using the two features as
+    redundant backup for each other. User agents should present the interfaces for clearing these in
+    a way that helps users to understand this possibility and enables them to delete data in all
+    persistent storage features simultaneously. <a href="#refsCOOKIES">[COOKIES]</a></p>
 
    </dd>
 
-   <dt>Site-specific white-listing of access to local storage
-   areas</dt>
-   <dd>
+   <dt>Site-specific white-listing of access to local storage areas</dt> <dd>
 
     <p>User agents may allow sites to access session storage areas in
     an unrestricted manner, but require the user to authorize access
@@ -1018,58 +993,47 @@
    <dt>Origin-tracking of stored data</dt>
    <dd>
 
-    <p>User agents may record the <span title="origin">origins</span>
-    of sites that contained content from third-party origins that
-    caused data to be stored.</p>
-
-    <p>If this information is then used to present the view of data
-    currently in persistent storage, it would allow the user to make
-    informed decisions about which parts of the persistent storage to
-    prune. Combined with a blacklist ("delete this data and prevent
-    this domain from ever storing data again"), the user can restrict
-    the use of persistent storage to sites that he trusts.</p>
+    <p>User agents may record the <span title="origin">origins</span> of sites that contained
+    content from third-party origins that caused data to be stored.</p>
+
+    <p>If this information is then used to present the view of data currently in persistent storage,
+    it would allow the user to make informed decisions about which parts of the persistent storage
+    to prune. Combined with a blacklist ("delete this data and prevent this domain from ever storing
+    data again"), the user can restrict the use of persistent storage to sites that he trusts.</p>
 
    </dd>
 
    <dt>Shared blacklists</dt>
    <dd>
 
-    <p>User agents may allow users to share their persistent storage
-    domain blacklists.</p>
+    <p>User agents may allow users to share their persistent storage domain blacklists.</p>
 
-    <p>This would allow communities to act together to protect their
-    privacy.</p>
+    <p>This would allow communities to act together to protect their privacy.</p>
 
    </dd>
 
-  </dl><p>While these suggestions prevent trivial use of this API for user
-  tracking, they do not block it altogether. Within a single domain, a
-  site can continue to track the user during a session, and can then
-  pass all this information to the third party along with any
-  identifying information (names, credit card numbers, addresses)
-  obtained by the site. If a third party cooperates with multiple
-  sites to obtain such information, a profile can still be
-  created.</p>
-
-  <p>However, user tracking is to some extent possible even with no
-  cooperation from the user agent whatsoever, for instance by using
-  session identifiers in URLs, a technique already commonly used for
-  innocuous purposes but easily repurposed for user tracking (even
-  retroactively). This information can then be shared with other
-  sites, using visitors' IP addresses and other user-specific data
-  (e.g. user-agent headers and configuration settings) to combine
-  separate sessions into coherent user profiles.</p>
+  </dl><p>While these suggestions prevent trivial use of this API for user tracking, they do not block it
+  altogether. Within a single domain, a site can continue to track the user during a session, and
+  can then pass all this information to the third party along with any identifying information
+  (names, credit card numbers, addresses) obtained by the site. If a third party cooperates with
+  multiple sites to obtain such information, a profile can still be created.</p>
+
+  <p>However, user tracking is to some extent possible even with no cooperation from the user agent
+  whatsoever, for instance by using session identifiers in URLs, a technique already commonly used
+  for innocuous purposes but easily repurposed for user tracking (even retroactively). This
+  information can then be shared with other sites, using visitors' IP addresses and other
+  user-specific data (e.g. user-agent headers and configuration settings) to combine separate
+  sessions into coherent user profiles.</p>
 
 
   <h3 id="sensitivity-of-data"><span class="secno">6.2 </span>Sensitivity of data</h3>
 
-  <p>User agents should treat persistently stored data as potentially
-  sensitive; it's quite possible for e-mails, calendar appointments,
-  health records, or other confidential documents to be stored in this
-  mechanism.</p>
+  <p>User agents should treat persistently stored data as potentially sensitive; it's quite possible
+  for e-mails, calendar appointments, health records, or other confidential documents to be stored
+  in this mechanism.</p>
 
-  <p>To this end, user agents should ensure that when deleting data,
-  it is promptly deleted from the underlying storage.</p>
+  <p>To this end, user agents should ensure that when deleting data, it is promptly deleted from the
+  underlying storage.</p>
 
 
 
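Review bot: The line "</dl><p>While these suggestions prevent trivial use of this API for user tracking, they do not block it" keeps the list close tag and the paragraph open tag fused, and the re-wrap treats both tags as part of the paragraph width. Putting </dl> on its own line would match how the other block elements in this file are laid out. In the same hunk, "sites that he trusts" could read "sites that the user trusts".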
@@ -1077,12 +1041,10 @@
 
   <h3 id="dns-spoofing-attacks"><span class="secno">7.1 </span>DNS spoofing attacks</h3>
 
-  <p>Because of the potential for DNS spoofing attacks, one cannot
-  guarantee that a host claiming to be in a certain domain really is
-  from that domain. To mitigate this, pages can use TLS. Pages using
-  TLS can be sure that only the user, software working on behalf of
-  the user, and other pages using TLS that have certificates
-  identifying them as being from the same domain, can access their
+  <p>Because of the potential for DNS spoofing attacks, one cannot guarantee that a host claiming to
+  be in a certain domain really is from that domain. To mitigate this, pages can use TLS. Pages
+  using TLS can be sure that only the user, software working on behalf of the user, and other pages
+  using TLS that have certificates identifying them as being from the same domain, can access their
   storage areas.</p>
 
 
@@ -1093,35 +1055,29 @@
   the access by pathname. Authors on shared hosts are therefore urged to avoid using these features,
   as it would be trivial for other authors to read the data and overwrite it.</p>
 
-  <p class="note">Even if a path-restriction feature was made
-  available, the usual DOM scripting security model would make it
-  trivial to bypass this protection and access the data from any
+  <p class="note">Even if a path-restriction feature was made available, the usual DOM scripting
+  security model would make it trivial to bypass this protection and access the data from any
   path.</p>
 
 
   <h3 id="implementation-risks"><span class="secno">7.3 </span>Implementation risks</h3>
 
-  <p>The two primary risks when implementing these persistent storage
-  features are letting hostile sites read information from other
-  domains, and letting hostile sites write information that is then
-  read from other domains.</p>
-
-  <p>Letting third-party sites read data that is not supposed to be
-  read from their domain causes <em>information leakage</em>, For
-  example, a user's shopping wishlist on one domain could be used by
-  another domain for targeted advertising; or a user's
-  work-in-progress confidential documents stored by a word-processing
-  site could be examined by the site of a competing company.</p>
-
-  <p>Letting third-party sites write data to the persistent storage of
-  other domains can result in <em>information spoofing</em>, which is
-  equally dangerous. For example, a hostile site could add items to a
-  user's wishlist; or a hostile site could set a user's session
-  identifier to a known ID that the hostile site can then use to track
-  the user's actions on the victim site.</p>
+  <p>The two primary risks when implementing these persistent storage features are letting hostile
+  sites read information from other domains, and letting hostile sites write information that is
+  then read from other domains.</p>
+
+  <p>Letting third-party sites read data that is not supposed to be read from their domain causes
+  <em>information leakage</em>, For example, a user's shopping wishlist on one domain could be used
+  by another domain for targeted advertising; or a user's work-in-progress confidential documents
+  stored by a word-processing site could be examined by the site of a competing company.</p>
+
+  <p>Letting third-party sites write data to the persistent storage of other domains can result in
+  <em>information spoofing</em>, which is equally dangerous. For example, a hostile site could add
+  items to a user's wishlist; or a hostile site could set a user's session identifier to a known ID
+  that the hostile site can then use to track the user's actions on the victim site.</p>
 
-  <p>Thus, strictly following the <span>origin</span> model described
-  in this specification is important for user security.</p>
+  <p>Thus, strictly following the <span>origin</span> model described in this specification is
+  important for user security.</p>
 
 
 
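Review bot: In the second paragraph of 7.3, the re-wrap carries over a punctuation error: "<em>information leakage</em>, For example" has a comma followed by a capitalised "For". It should be a full stop ("information leakage</em>. For example"), matching the parallel "information spoofing" paragraph, which starts its example as a new sentence.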

Received on Friday, 12 April 2013 21:29:16 UTC