[Bug 18866] Make it clear that localStorage can be cleared by UA at will from bugzilla@jessica.w3.org on 2012-09-18 (public-webapps-bugzilla@w3.org from September 2012)

From: <bugzilla@jessica.w3.org>
Date: Tue, 18 Sep 2012 18:53:30 +0000
To: public-webapps-bugzilla@w3.org
Message-Id: <E1TE2vK-0005M4-JU@jessica.w3.org>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=18866

--- Comment #1 from Alec Flett <alecflett@chromium.org> 2012-09-18 18:53:30 UTC ---
jsbell clarified to me that lru meant "on an origin basis" and it might be
worth clarifying wherever this is used otherwise folks are going to think that
arbitrary key/value pairs are just going to vanish from their localStorage.

I also wanted to point out that there are some DOS attacks that you can imagine
- i.e. imagine I have a page with 1000 iframes, 1000 origins that all put a a
few key/values in their respective localstores. If the eviction policy is
purely size-based, it could let bad sites flush your browser of local storage
for other sites even if you just used them 5 minutes earlier, possibly
effectively logging you out of other sites.

-- 
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Tuesday, 18 September 2012 18:53:31 UTC