W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2011

Re: [webstorage] origin security check

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Tue, 14 Jun 2011 06:28:45 +0100
Message-ID: <BANLkTimVLpOLK93xkFqJ7q_VfswcRXWwOQ@mail.gmail.com>
To: Ian Hickson <ian@hixie.ch>
Cc: public-webapps <public-webapps@w3.org>
On Monday, June 13, 2011, Ian Hickson <ian@hixie.ch> wrote:
> On Mon, 13 Jun 2011, Marcos Caceres wrote:
>> I thought maybe I could get away with:
>> "When getting or setting the preferences attribute, if the origin of a
>> widget instance is mutable (e.g., if the user agent allows
>> document.domain to be dynamically changed), then the user agent must
>> perform the object initialization steps of [Web Storage] substituting
>> the preferences attribute for the localStorage attribute where
>> appropriate."
>> But maybe I'll just do a copy and paste and just replace the appropriate
>> bits of text.
> I guess that could work.
> By the way, how are you resolving the multiple-thread problem here? (Since
> you're introducing a new API, it presumably doesn't have to have the same
> bug as the localStorage API, where we're stuck for legacy reasons and are
> basically forced to either have a cross-thread blocking API or a racy API,
> depending on how it's implemented, both of which suck.)

We are not solving it:(

As widgets run as a single process, each instance in a unique origin,
don't share data/cache with browser tabs/windows or other widgets,
this issue does not come up much... At least no one has complained to
me about it.

> --
> Ian Hickson               U+1047E                )\._.,--....,'``.    fL
> http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
> Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Marcos Caceres
Received on Tuesday, 14 June 2011 05:29:13 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:32 UTC