Storage API

Looking at the Storage API:
http://www.whatwg.org/specs/web-apps/current-work/multipage/section-storage.html

(1)  How can a (key-value) pair be marked as readable in an insecure context?

Some of the wording sounds like it is possible, but I didn't see any
way to do it -- it sounds as though the secure flag is (only) set
automatically from the script's context, so that something written
from a secure context is automatically hidden from future insecure
access.

(2)  If an insecure access has grandfathered access to a
secure-context key-value pair, it can continue to read (including
future changes).  Why?  (There might be a good reason; it just isn't
obvious, so I think it should be explicit.)

(3)  If that grandfathered insecure context attempts to write, an
exception is raised -- but what happens to the actual key-value pair?
It sounds as though the failed write attempt effectively deletes the
pair (instead of being a no-op).  Why?  (Again, there might be a good
reason; it just isn't obvious, so I think it should be explicit.)

-jJ

Received on Thursday, 1 November 2007 03:14:04 UTC