W3C home > Mailing lists > Public > public-html@w3.org > November 2007

Storage API

From: Jim Jewett <jimjjewett@gmail.com>
Date: Wed, 31 Oct 2007 23:13:54 -0400
Message-ID: <fb6fbf560710312013m4e84790dtf79c56e17e4be375@mail.gmail.com>
To: public-html@w3.org

Looking at the Storage API:
http://www.whatwg.org/specs/web-apps/current-work/multipage/section-storage.html

(1)  How can a (key-value) pair be marked as readable in an insecure context?

Some of the wording sounds like it is possible, but I didn't see any
way to do it -- it sounds as though the secure flag is (only) set
automatically from the script's context, so that something written
from a secure context is automatically hidden from future insecure
access.

(2)  If an insecure access has grandfathered access to a
secure-context key-value pair, it can continue to read (including
future changes).  Why?  (There might be a good reason; it just isn't
obvious, so I think it should be explicit.)

(3)  If that grandfathered insecure context attempts to write, an
exception is raised -- but what happens to the actual key-value pair?
It sounds as though the failed write attempt effectively deletes the
pair (instead of being a no-op).  Why?  (Again, there might be a good
reason; it just isn't obvious, so I think it should be explicit.)

-jJ
Received on Thursday, 1 November 2007 03:14:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:16:09 GMT