Re: [webstorage] origin security check

On Fri, 10 Jun 2011, Marcos Caceres wrote:
> On Thu, Jun 9, 2011 at 6:07 PM, Ian Hickson <ian@hixie.ch> wrote:
> > On Thu, 9 Jun 2011, Marcos Caceres wrote:
> >>
> >> tiny quick editorial request, where the spec says:
> >>
> >> "When the localStorage attribute is accessed, the user agent must run
> >> the following steps:"
> >>
> >> Can you please change that to:
> >>
> >> "When the localStorage attribute is accessed, the user agent must run
> >> the origin security check."
> >>
> >> And then independently define just label the algorithm "origin
> >> security check" (or name it something better).
> >>
> >> I need to use the same text in another spec and would prefer to link
> >> instead of copy/paste.
> >
> > Done.
> 
> Thanks! :)
> 
> > Just out of interest, what's the context for this? These steps are pretty
> > specific to localStorage (and are not the complete security story -- see
> > the later section on security), so I'm surprised to hear these particular
> > steps would be reused.
> 
> Context is the widget.preference attribute, which implements Storage
> (but supports some widgety things, like read-only keys/values):
> 
> http://dev.w3.org/2006/waf/widgets-api/#the-preferences-attribute
> 
> I'm want to replace the following section with the link to the Storage spec:
> http://dev.w3.org/2006/waf/widgets-api/#preference-origin-security-check0

The algorithm we're talking about here wouldn't work for that; steps 3 and 
4 in particular would mean that .preferences always returned the same 
object as .localStorage.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Friday, 10 June 2011 19:17:24 UTC