[Webkit-unassigned] [Bug 56703] New: window.localStorage should throw SECURITY_ERR when localStorage is disabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 18 20:08:41 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=56703

           Summary: window.localStorage should throw SECURITY_ERR when
                    localStorage is disabled
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://dev.w3.org/html5/webstorage/#dom-localstorage
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: opendarwin at lapcatsoftware.com


According to http://dev.w3.org/html5/webstorage/#dom-localstorage

    When the localStorage attribute is accessed, the user agent must run the following steps:
    1. The user agent may throw a SECURITY_ERR exception instead of returning a Storage object if the request violates a policy decision (e.g. if the user agent is configured to not allow the page to persist data).
    2. If the Document's origin is not a scheme/host/port tuple, then throw a SECURITY_ERR exception and abort these steps.
    3. Check to see if the user agent has allocated a local storage area for the origin of the Document of the Window object on which the attribute was accessed. If it has not, create a new storage area for that origin.
    4. Return the Storage object associated with that origin's local storage area. Each Document object must have a separate object for its Window's localStorage attribute.

Thus, if the user agent disabled localStorage and does not return a localStorage object, it is expected to throw a SECURITY_ERR.

However, DOMWindow::localStorage(ExceptionCode& ec) from Source/WebCore/page/DomWindow.cpp contains this code:

    if (!document->securityOrigin()->canAccessLocalStorage()) {
        ec = SECURITY_ERR;
        return 0;
    }

    Page* page = document->page();
    if (!page)
        return 0;

    if (!page->settings()->localStorageEnabled())
        return 0;

When local storage is not enabled, it does not raise SECURITY_ERR, it just returns null.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list