Re: [Bug 11606] New: wanted: awareness of non-persistent web storage from Ian Hickson on 2011-04-29 (public-webapps@w3.org from April to June 2011)

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 29 Apr 2011 21:20:14 +0000 (UTC)
To: Glenn Maynard <glenn@zewt.org>
cc: public-webapps@w3.org
Message-ID: <Pine.LNX.4.64.1104292116530.19153@ps20323.dreamhostps.com>

On Sun, 26 Dec 2010, Glenn Maynard wrote:
>
> This made me wonder about this:
> 
> > When support for a feature is disabled (e.g. as an emergency measure 
> > to mitigate a security problem, or to aid in development, or for 
> > performance reasons), user agents must act as if they had no support 
> > for the feature whatsoever, and as if the feature was not mentioned in 
> > this specification. For example, if a particular feature is accessed 
> > via an attribute in a Web IDL interface, the attribute itself would be 
> > omitted from the objects that implement that interface — leaving the 
> > attribute on the object but making it return null or throw an 
> > exception is insufficient.
> 
> vs. this:
> 
> > The user agent may throw a SECURITY_ERR exception instead of returning 
> > a Storage object if the request violates a policy decision (e.g. if 
> > the user agent is configured to not allow the page to persist data).
> 
> If localStorage is disabled due to user configuration, which rule 
> applies?  The former (remove the feature entirely) is much better for me 
> as a developer.  I've already had to write code to test putting data in 
> localStorage and see if it throws an exception, on top of simply saying 
> "'localStorage' in window".

These are not mutually exclusive. If localStorage is disabled, then it 
must act as if it's not there. However, if it's enabled but configured to 
not allow a particular page to access data, or if it is disabled after a 
particular page has obtained the Window object on which the localStorage 
attribute is found, then the second clause applies.

This is more detail than we normally put into this kind of thing but in 
this particular case IIRC the detail was added in response to some 
questions from implementors about some relevant edge cases.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 29 April 2011 21:20:37 UTC