- From: Ian Hickson via cvs-syncmail <cvsmail@w3.org>
- Date: Thu, 04 Aug 2011 21:41:51 +0000
- To: public-html-commits@w3.org
Update of /sources/public/html5/spec In directory hutz:/tmp/cvs-serv18906 Modified Files: Overview.html Log Message: Allow UAs to opt out of the storage mutex and corrupt data instead of being slow. (whatwg r6368) Index: Overview.html =================================================================== RCS file: /sources/public/html5/spec/Overview.html,v retrieving revision 1.5087 retrieving revision 1.5088 diff -u -d -r1.5087 -r1.5088 --- Overview.html 4 Aug 2011 21:29:32 -0000 1.5087 +++ Overview.html 4 Aug 2011 21:41:47 -0000 1.5088 @@ -49158,11 +49158,27 @@ was queued; if the task was queued by or for a <a href="#concept-script" title="concept-script">script</a> then the document is the <a href="#script-s-document">script's document</a>.</p> - <p>A user agent is required to have one <dfn id="storage-mutex">storage - mutex</dfn>. This mutex is used to control access to shared state - like cookies. At any one point, the <a href="#storage-mutex">storage mutex</a> is - either free, or owned by a particular <a href="#event-loop">event loop</a> or - instance of the <a href="#fetch" title="fetch">fetching</a> algorithm.</p> + <p>A user agent may have one <dfn id="storage-mutex">storage mutex</dfn>. This mutex is + used to control access to shared state like cookies. At any one + point, the <a href="#storage-mutex">storage mutex</a> is either free, or owned by a + particular <a href="#event-loop">event loop</a> or instance of the <a href="#fetch" title="fetch">fetching</a> algorithm.</p> + + <p>If a user agent does not implement a <a href="#storage-mutex">storage mutex</a>, + it is exempt from implementing the requirements that require it to + acquire or release it.</p> + + <p class="note">User agent implementors have to make a choice + between two evils. On the one hand, not implementing the storage + mutex means that there is a risk of data corruption: a site could, + for instance, try to read a cookie, increment its value, then write + it back out, using the new value of the cookie as a unique + identifier for the session; if the site does this twice in two + different browser windows at the same time, it might end up using + the same "unique" identifier for both sessions, with potentially + disastrous effects. On the other hand, implementing the storage + mutex has potentially serious performance implications: whenever a + site uses Web Storage or cookies, all other sites that try to use + Web Storage or cookies are blocked until the first site finishes.</p> <p>Whenever a <a href="#concept-script" title="concept-script">script</a> calls into a <a href="#plugin">plugin</a>, and whenever a <a href="#plugin">plugin</a> calls into
Received on Thursday, 4 August 2011 21:41:52 UTC