- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Tue, 03 Nov 2009 23:01:07 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/webdatabase In directory hutz:/tmp/cvs-serv9944 Modified Files: Overview.html Log Message: Remove Web Database from the WHATWG complete spec; say that sqlite is the expected language; update the character references to the latest set. (whatwg r4374) Index: Overview.html =================================================================== RCS file: /sources/public/html5/webdatabase/Overview.html,v retrieving revision 1.44 retrieving revision 1.45 diff -u -d -r1.44 -r1.45 --- Overview.html 27 Oct 2009 09:15:04 -0000 1.44 +++ Overview.html 3 Nov 2009 23:01:05 -0000 1.45 @@ -1069,8 +1069,7 @@ <td>A lock for the transaction could not be obtained in a reasonable time. - </table><h2 id="web-sql"><span class="secno">5 </span>Web SQL</h2><p class="XXX">Need to define the SQL dialect.<h2 id="disk-space"><span class="secno">6 </span>Disk space</h2><p>User agents should limit the total amount of space allowed for - + </table><h2 id="web-sql"><span class="secno">5 </span>Web SQL</h2><p>User agents must implement the SQL dialect supported by Sqlite 3.6.19.<h2 id="disk-space"><span class="secno">6 </span>Disk space</h2><p>User agents should limit the total amount of space allowed for databases. <p>User agents should guard against sites storing data under the @@ -1088,6 +1087,7 @@ stored in its client-side databases + to track a user across multiple sessions, building a profile of the user's interests to allow for highly targeted advertising. In conjunction with a site that is aware of the user's real identity @@ -1101,6 +1101,7 @@ <p>User agents may restrict access to the database objects + to scripts originating at the domain of the top-level document of the <span>browsing context</span>, for instance denying access to the API for pages from other domains running in @@ -1133,7 +1134,6 @@ <p>If users attempt to protect their privacy by clearing cookies without also clearing data stored in the - relevant databases, sites can defeat those attempts by using the two features as @@ -1147,12 +1147,14 @@ <dt>Site-specific white-listing of access to databases + </dt> <dd> <p>User agents may require the user to authorize access to databases before a site can use the feature.</p> + </dd> @@ -1206,12 +1208,10 @@ from that domain. To mitigate this, pages can use SSL. Pages using SSL can be sure that only pages using SSL that have certificates identifying them as being from the same domain can access their - databases. <h3 id="cross-directory-attacks"><span class="secno">8.2 </span>Cross-directory attacks</h3><p>Different authors sharing one host name, for example users hosting content on <code>geocities.com</code>, all share one - set of databases. There is no feature to restrict the access by pathname. Authors on
Received on Tuesday, 3 November 2009 23:01:19 UTC