Re: [widgets] Comments on Section 5 of the 18-Aug-2009 LCWD of A&E spec from Arthur Barstow on 2009-09-14 (public-webapps@w3.org from July to September 2009)

From: Arthur Barstow <Art.Barstow@nokia.com>
Date: Mon, 14 Sep 2009 08:01:21 -0400
To: "marcosc@opera.com" <marcosc@opera.com>
Cc: public-webapps <public-webapps@w3.org>
Message-Id: <0D349C6B-8789-4D43-BABE-BD0C8916D26B@nokia.com>

On Sep 13, 2009, at 3:23 PM, ext Marcos Caceres wrote:

> On Wed, Sep 9, 2009 at 10:07 PM, Arthur Barstow  
> <art.barstow@nokia.com> wrote:
>>
>> 3. The following statement doesn't seem necessary given  
>> preferences is of
>> type Storage; as such, I think it should be removed:
>>
>> [[
>> A user agent must have the ability to directly read and write to  
>> the storage
>> area (i.e., without needing to make use of the [WebStorage]  
>> specification's
>> Storage interface) and must  have the ability to delete a storage  
>> area.
>> ]]
>
> I don't agree. The above gives a storage area the ability to be
> populated with config.xml <preference> data without the UA using the
> Storage interface. This is important, as events must not be fired
> during pre-population.
>
> However, it might be that the above assertion needs to be rewritten to
> directly address the <preference> use case (hence making the assertion
> more testable). WDYT?

Section 6. should prescribe everything that needs to be said thus I  
don't think the text I quoted is necessary. If Section 6 doesn't  
sufficiently address the mapping to <preference>, then yes, it should  
be updated.


>> 6. The following assertion is another implementation detail that  
>> should be
>> removed or made non-normative:
>>
>> [[
>> A user agent should impose their own implementation-specific  
>> limits on the
>> length of otherwise unconstrained keys and values of a storage  
>> area, e.g. to
>> prevent denial of service attacks, to guard against running out of  
>> memory,
>> or to work around platform-specific limitations.
>> ]]
>
> The above is a boilerplate "hot potato" assertion, that puts the onus
> of securing the implementation on implementers. It's basically there
> to protect the WG from people asking "what happens if I try to
> store/do something strange". I don't know if we should remove it.

I don't think the quoted text above provides any protection nor  
particular value [hint: nuke it or make it a Note].

-Regards, Art Barstow

Received on Monday, 14 September 2009 12:02:22 UTC