W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: [webstorage] origin security check

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 13 Jun 2011 19:39:55 +0000 (UTC)
To: Marcos Caceres <marcosscaceres@gmail.com>
cc: public-webapps <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.64.1106131937480.14203@ps20323.dreamhostps.com>
On Mon, 13 Jun 2011, Marcos Caceres wrote:
> 
> I thought maybe I could get away with:
> 
> "When getting or setting the preferences attribute, if the origin of a 
> widget instance is mutable (e.g., if the user agent allows 
> document.domain to be dynamically changed), then the user agent must 
> perform the object initialization steps of [Web Storage] substituting 
> the preferences attribute for the localStorage attribute where 
> appropriate."
> 
> But maybe I'll just do a copy and paste and just replace the appropriate 
> bits of text.

I guess that could work.

By the way, how are you resolving the multiple-thread problem here? (Since 
you're introducing a new API, it presumably doesn't have to have the same 
bug as the localStorage API, where we're stuck for legacy reasons and are 
basically forced to either have a cross-thread blocking API or a racy API, 
depending on how it's implemented, both of which suck.)

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 13 June 2011 19:40:29 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:45 GMT