- From: Jim Jewett <jimjjewett@gmail.com>
- Date: Wed, 31 Oct 2007 23:13:54 -0400
- To: public-html@w3.org

Looking at the Storage API:

http://www.whatwg.org/specs/web-apps/current-work/multipage/section-storage.html

(1) How can a (key-value) pair be marked as readable in an insecure context? Some of the wording sounds like it is possible, but I didn't see any way to do it -- it sounds as though the secure flag is (only) set automatically from the script's context, so that something written from a secure context is automatically hidden from future insecure access.

(2) If an insecure access has grandfathered access to a secure-context key-value pair, it can continue to read (including future changes). Why? (There might be a good reason; it just isn't obvious, so I think it should be explicit.)

(3) If that grandfathered insecure context attempts to write, an exception is raised -- but what happens to the actual key-value pair? It sounds as though the failed write attempt effectively deletes the pair (instead of being a no-op). Why? (Again, there might be a good reason; it just isn't obvious, so I think it should be explicit.)

-jJ

Received on Thursday, 1 November 2007 03:14:04 UTC