ACTION-438 Question about possibility of cross-site data sharing in Web Storage

From: Ashok Malhotra <ASHOK.MALHOTRA@oracle.com>
Date: Tue, 15 Jun 2010 04:11:01 -0700 (PDT)
Message-ID: <681976d1-18bf-42e8-b54a-34ad1e22877b@default>
To: <public-webapps@w3.org>
Cc: Www-Tag <www-tag@w3.org>

At the TAG f2f meeting last week we discussed the Web Storage (http://dev.w3.org/html5/webstorage/) draft. As you know, Web Storage provides storage mechanisms (local storage and session storage) by origin. This led us to conclude that it supports the same-origin policy. But section 6.1 contains the sentence “User agents may allow sites to access session storage areas in an unrestricted manner, but require the user to authorize access to local storage areas.” This prompted some of us to speculate that a door is being left open for cross-site information sharing in the manner of CORS (http://www.w3.org/TR/access-control/) or UMP (http://www.w3.org/TR/UMP/).

Would you agree that this reading between the lines is justified?
Received on Tuesday, 15 June 2010 11:11:46 GMT