- From: Brady Eidson <beidson@apple.com>
- Date: Tue, 25 Aug 2009 15:40:14 -0700
On Aug 25, 2009, at 3:31 PM, Michael Nordman wrote: > The statement in section 4.3 doesn't appear to specify any > behavior... its just an informational statement. > > The statement in section 6.1 suggests to prohibit the development of > a UI that mentions local storage as a distinct repository seperate > from cookies. This doesn't belong in the spec imho. > > I think both of these statements should be dropped from the spec. If all browsers go through great lengths to ensure that this data is as persistent as a local user file, but one browser decides it's only a cache and can prune it at will, then developers cannot rely on it. I don't think 4.3 should be dropped - I think it should be strengthened to actually protect the data from any action not authorized by the user. Browsers who wish to treat it as a local cache that they can prune at any time could give the user a checkbox labeled "Let me delete your stored data whenever I want" and this would qualify. ;) Yes, that's an unrealistic, hyperbolic example, but I stand by the point it illustrates! ~Brady PS: I am ambivalent about section 6.1, other than to reiterate I don't think the current language actually reflects the intended message. > > Ultimately I think UAs will have to prop up out-of-band > permissioning schemes to make stronger guarantees about how long > lived 'local data' that accumulates really is. > > On Tue, Aug 25, 2009 at 3:19 PM, Aaron Boodman <aa at google.com> wrote: > On Tue, Aug 25, 2009 at 2:44 PM, Jeremy Orlow<jorlow at chromium.org> > wrote: > > Ok, well I guess we should go ahead and have this discussion > now. :-) Does > > anyone outside of Apple and Google have an opinion on the matter > (since I > > think it's pretty clear where we both stand). > > FWIW, I tend to agree more with the Apple argument :). I agree that > the multiple malicious subdomains thing is unfortunate. Maybe the > quotas should be per eTLD instead of -- or in addition to -- > per-origin? Malicious developers could then use multiple eTLDs, but at > that point there is a real cost. > > Extensions are an example of an application that is less cloud-based. > It would be unfortunate and weird for extension developers to have to > worry about their storage getting tossed because the UA is running out > of disk space. > > It seems more like if that happens the UA should direct the user to UI > to free up some storage. If quotas were enforced at the eTLD level, > wouldn't this be really rare? > > - a > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090825/57577bcd/attachment-0001.htm>
Received on Tuesday, 25 August 2009 15:40:14 UTC