- From: Domenic Denicola <notifications@github.com>
- Date: Fri, 05 Jun 2020 08:30:58 -0700
- To: whatwg/storage <storage@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/storage/issues/95/639566606@github.com>
In general I find the text in HTML much clearer and more detailed than what is in Storage today. So let me try to raise some specific concerns in this issue, before we proceed with merging https://github.com/whatwg/html/pull/5560.

>> **User agents should not expire data from a browsing context's session storage areas, but may do so when the user requests that such data be deleted, or when the UA detects that it has limited storage space, or for security reasons.** User agents should always avoid deleting data while a script that could access that data is running. When a top-level browsing context is destroyed (and therefore permanently inaccessible to the user) the data stored in its session storage areas can be discarded with it, as the API described in this specification provides no way for that data to ever be subsequently retrieved.
>
> I think this mostly follows from the requirements we already have around UI, storage pressure, and tying storage to specific objects, except for the script running thingie.

I have bolded a sentence for which I cannot find a counterpart in Storage (after #93).

>> **User agents should limit the total amount of space allowed for storage areas, because hostile authors could otherwise use this feature to exhaust the user's available disk space.**
>>
>> **User agents should guard against sites storing data under their origin's other affiliated sites, e.g., storing up to the limit in a1.example.com, a2.example.com, a3.example.com, etc, circumventing the main example.com storage limit.**
>>
>> **User agents may prompt the user when quotas are reached, allowing the user to grant a site more space. This enables sites to store many user-created documents on the user's computer, for instance.**
>>
>> **User agents should allow users to see how much space each domain is using.**
>>
>> A mostly arbitrary limit of five megabytes per origin is suggested. Implementation feedback is welcome and will be used to update this suggestion in the future.
>>
>> **For predictability, quotas should be based on the uncompressed size of data stored.**
>
> I think the other requirements are already captured by the existing text.

I have bolded sentences for which I cannot find counterparts in Storage (after #93). It sounds like maybe you disagree with sentence 2, and I believe Chrome does too (our [most-starred bug](https://bugs.chromium.org/p/chromium/issues/detail?id=178980) is about guarding against this "attack", and I think we've decided to not address it). So that one perhaps should be dropped. But the others seem valuable.

--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/storage/issues/95#issuecomment-639566606
Received on Friday, 5 June 2020 15:31:11 UTC
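The three bolded quota requirements quoted in the comment above (a per-site limit, no circumvention via affiliated subdomains such as a1.example.com / a2.example.com, and sizing on uncompressed data) can be illustrated with a small quota ledger. This is an added example, not code from the thread, from the HTML spec or from the Storage spec; it assumes a 5 MiB limit as the "mostly arbitrary" number, a tiny hard-coded stand-in for the Public Suffix List (`PUBLIC_SUFFIXES`, hypothetical; real user agents consult the full list), UTF-8 byte length as the "uncompressed size", and names (`QuotaLedger`, `registrableDomain`, `demo`) that are this example's own.

```javascript
// Added example: a toy quota ledger that charges storage to the registrable
// domain (eTLD+1) rather than to the origin, so sibling subdomains cannot each
// claim a full quota, and that measures usage on the uncompressed encoding.

const QUOTA_BYTES = 5 * 1024 * 1024; // the five-megabyte suggestion, as an assumption

// Hypothetical stand-in for the Public Suffix List; only the entries this
// example needs. A real user agent consults the full list.
const PUBLIC_SUFFIXES = new Set(["com", "io", "co.uk", "github.io"]);

// Reduce a host to its registrable domain so that a1.example.com,
// a2.example.com, ... all land in the single "example.com" bucket, while
// foo.github.io and bar.github.io stay separate because github.io is a
// public suffix.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 0; i < labels.length; i++) {
    const suffix = labels.slice(i).join(".");
    if (PUBLIC_SUFFIXES.has(suffix)) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return host.toLowerCase(); // unknown suffix: treat the whole host as the site
}

class QuotaLedger {
  constructor(quotaBytes = QUOTA_BYTES) {
    this.quotaBytes = quotaBytes;
    this.sites = new Map(); // site -> origin -> key -> uncompressed bytes
  }

  // Size is taken on the uncompressed UTF-8 encoding of key and value, never on
  // what a backend might compress it to, which keeps the limit predictable.
  static uncompressedBytes(key, value) {
    const enc = new TextEncoder();
    return enc.encode(key).length + enc.encode(value).length;
  }

  siteUsage(site) {
    let total = 0;
    for (const keys of (this.sites.get(site) ?? new Map()).values()) {
      for (const bytes of keys.values()) total += bytes;
    }
    return total;
  }

  // Store one item for an origin; overwriting a key only charges the delta.
  // Throws a QuotaExceededError-style error when the site bucket would overflow.
  setItem(originUrl, key, value) {
    const url = new URL(originUrl);
    const site = registrableDomain(url.hostname);
    const origins = this.sites.get(site) ?? new Map();
    const keys = origins.get(url.origin) ?? new Map();
    const previous = keys.get(key) ?? 0;
    const next = QuotaLedger.uncompressedBytes(key, value);
    if (this.siteUsage(site) - previous + next > this.quotaBytes) {
      const err = new Error(`quota of ${this.quotaBytes} bytes exceeded for site ${site}`);
      err.name = "QuotaExceededError";
      throw err;
    }
    keys.set(key, next);
    origins.set(url.origin, keys);
    this.sites.set(site, origins);
    return this.siteUsage(site);
  }

  // Per-site usage view, the data a "how much space each domain is using" UI would show.
  report() {
    const out = {};
    for (const site of this.sites.keys()) out[site] = this.siteUsage(site);
    return out;
  }
}

// Constructed scenario: a 1 KiB quota and two sibling subdomains each trying
// to store ~600 bytes. The second write must be refused because both origins
// share the example.com bucket.
function demo() {
  const ledger = new QuotaLedger(1024);
  const blob = "x".repeat(600);
  ledger.setItem("https://a1.example.com", "k", blob);
  let siblingBlocked = false;
  try {
    ledger.setItem("https://a2.example.com", "k", blob);
  } catch (e) {
    siblingBlocked = e.name === "QuotaExceededError";
  }
  return { usage: ledger.report(), siblingBlocked };
}

console.log(demo()); // { usage: { 'example.com': 601 }, siblingBlocked: true }
```

Keying the bucket on the registrable domain rather than the origin is what closes the a1/a2/a3 loophole; charging the delta on overwrite avoids double-counting, and reading sizes from the encoder rather than the storage backend is what makes the quota predictable to site authors.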