- From: Caleb Queern <cqueern@gmail.com>
- Date: Mon, 20 Jul 2015 10:03:04 -0700
- To: "public-webappsec@w3.org" <public-webappsec@w3.org>
- Message-ID: <CAEnXMMp9Gb2709F9EHJj-2UFwcu1M2w8CQRSrg=ko0HN7kDQ0g@mail.gmail.com>
Hello all,

Currently the abstract of the spec for Clear Site Data reads that CSD is: "an imperative mechanism which allows web developers to instruct a user agent to clear a user’s locally stored data related to a host and its subdomains."

However, I don't believe the spec addresses some information that some browsers retain related to a host and its subdomains, as it is currently written.

If I'm not mistaken, autofill (at least in Chrome) remembers the searches I run against a site. For example, when entering a query on a site's search field, if I've run searches using that site's search field in the past, Chrome may begin autofilling the input field with the searches I've run on that site in the past.

That is to say, those traces of my previous visits are site-specific (host-specific, not cross origin) yet would persist on the client even if the developers implement Clear Site Data.

I'm not suggesting that the spec needs to address this specific behavior but that it should be written to clarify that this example of locally stored data related to a host and its subdomains is or is not cleared by the CSD directive.
Received on Monday, 20 July 2015 17:11:11 UTC