[Webkit-unassigned] [Bug 32369] New: Support for storage and databases in sandboxed iframes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 10 02:18:51 PST 2009


https://bugs.webkit.org/show_bug.cgi?id=32369

           Summary: Support for storage and databases in sandboxed iframes
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Frames
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: patrik.j.persson at ericsson.com
                CC: darin at apple.com


This is a followup to bug 21288, which concerned the implementation of
the HTML5 iframe sandbox attribute.

How should WebKit interpret the HTML5 spec regarding sandboxed storage
and databases?  I believe the HTML5 spec does not say much explicitly
on this, but rather relies on the origin sandboxing.  Here is my
interpretation.

* I think sessionStorage would make sense with sandboxed origins.

* I think localStorage would end up equivalent to sessionStorage in a
  sandboxed frame, making it somewhat less useful. (The unique origin
  of a sandboxed frame means, in my interpretation, that the same
  frame would not be able to access its own localStorage in another
  session.)

* Similarly, I think a sandboxed database would be useful only within
  a session.  The database could be reclaimed when the session ends.
  This defeats much of the purpose of databases, but perhaps it would
  still be useful for compatibility.

The current implementation disables storage and databases in sandboxed
frames.  There is some more discussion in the thread for bug 21288,
comments 43..49:

https://bugs.webkit.org/show_bug.cgi?id=21288#c43

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list