[whatwg] Web Storage: apparent contradiction in spec from Boris Zbarsky on 2009-08-31 (public-whatwg-archive@w3.org from August 2009)

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 31 Aug 2009 14:58:37 -0400
Message-ID: <4A9C1D5D.4070404@mit.edu>

Jens Alfke wrote:
> Local storage is a significant change from the browser's current data 
> model, and I think that (no offense) browser developers are not used to 
> taking care of user-critical data for longer than the duration of a DOM 
> tree or POST request. It's a change in perspective. Coming as I do from 
> a client-software world, it's actually an eye-opener to me that this is 
> even controversial.

It's controversial because, no offense, browser developers don't trust 
the website author, nor should the users.  At least to a first 
approximation.

This is a critical difference from client software, for better or worse.

We could restrict local storage to explicitly trusted sites and then not 
treat it as cookies; would that be preferable?  It might be. 
Alternately, it could be treated like cookies except for explicitly 
trusted sites... or something.

-Boris

Received on Monday, 31 August 2009 11:58:37 UTC