[Webkit-unassigned] [Bug 63257] When blocking localStorage, Firefox throws a security exception on access, and maybe so should we

bugzilla-daemon at webkit.org
Fri Sep 14 03:10:51 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=63257


Dan Carney <dcarney at google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #163879|0                           |1
        is obsolete|                            |




--- Comment #17 from Dan Carney <dcarney at google.com>  2012-09-14 03:11:17 PST ---
Created an attachment (id=164084)
 --> (https://bugs.webkit.org/attachment.cgi?id=164084&action=review)
Another round - still chromium only complete

Okay, I've taken the above comments into consideration, and done the following:

* moved all the checks into the StorageAreaImpls and inlined the calls in StorageArea. This seemed like the most elegant way to handle the conflicting requirements of private browsing and the chromium access check.

* introduced a canAccessStorage method which in the default implementation just checks for a detached frame. I'm not sure if this is actually correct as I need to check what Firefox does here.

* for chromium, introduced an access check cache and optimized the code paths for the cached case as apparently this really slows down storage access.  This obsoletes https://bugs.webkit.org/show_bug.cgi?id=88412.  Note that this means all accesses after the user has the storage object are likely to succeed even if the permissions are changed.

If everyone is okay with this approach, I'll clean up the code and fix the JSC bindings.

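
The caching trade-off noted in the last bullet of the comment, as an added JavaScript model; it is not the patch's code and not a WebKit or Chromium API. Only `canAccessStorage` is a name from the comment: `PermissionStore`, the epoch counter and `scenario` are hypothetical, and the epoch-based revalidation is an assumed mitigation that the comment does not describe.

```javascript
// Constructed model. Only canAccessStorage is a name from the comment above;
// every other identifier here is hypothetical.
class SecurityError extends Error {
  constructor(msg) { super(msg); this.name = "SecurityError"; }
}

// Stands in for the slow embedder permission check.
class PermissionStore {
  constructor() { this.allowed = new Map(); this.epoch = 0; this.lookups = 0; }
  set(origin, allow) { this.allowed.set(origin, allow); this.epoch++; }
  query(origin) { this.lookups++; return this.allowed.get(origin) === true; }
}

class StorageArea {
  constructor(origin, perms, revalidate) {
    this.origin = origin; this.perms = perms; this.revalidate = revalidate;
    this.data = new Map(); this.cached = null; this.cachedEpoch = -1;
  }
  canAccessStorage() {
    // Assumed mitigation: discard the cached answer when permissions changed.
    const stale = this.revalidate && this.cachedEpoch !== this.perms.epoch;
    if (this.cached === null || stale) {
      this.cached = this.perms.query(this.origin);
      this.cachedEpoch = this.perms.epoch;
    }
    return this.cached;
  }
  check() {
    if (!this.canAccessStorage()) throw new SecurityError("storage blocked for " + this.origin);
  }
  setItem(k, v) { this.check(); this.data.set(k, String(v)); }
  getItem(k) { this.check(); return this.data.has(k) ? this.data.get(k) : null; }
}

// Allow storage, use it twice, block it, then read again.
function scenario(revalidate) {
  const origin = "https://app.example"; // constructed sample origin
  const perms = new PermissionStore();
  perms.set(origin, true);
  const area = new StorageArea(origin, perms, revalidate);
  area.setItem("k", "v");
  area.getItem("k");
  perms.set(origin, false);
  let outcome;
  try { outcome = area.getItem("k"); } catch (e) { outcome = e.name; }
  return { outcome, lookups: perms.lookups };
}
```

`scenario(false)` models the per-object cache from the comment: the read after the block still succeeds. `scenario(true)` costs one extra lookup per permission change and turns that read into a `SecurityError`.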