[Webkit-unassigned] [Bug 156651] WkWebview: calling localStorage.getItem() results in Uncaught Exception: SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=156651

--- Comment #2 from Brent Fulgham <bfulgham at webkit.org> ---
(In reply to comment #1)
> I guess you are using local file URIs, in which case this is expected
> behavior after r197858. You can access sessionStorage instead. It's
> unfortunate to have a compatibility break in a stable release, but this one
> looks unavoidable.
> 
> (If this is happening for http/https URIs, then we would need to reopen
> this.)
> 
> You miiight be able to access localStorage by using
> webkit_settings_set_allow_file_access_from_file_urls, but I haven't tested
> to see if that would work.

(In reply to comment #0)
> This issue appeared with the latest release of webkit2gtk (2.12.1). It does
> not occur with the previous version (2.12.0). Please let me know if there is
> any further information I can provide that might be helpful. Thanks.

The equivalent setting on iOS/OS X is how we deal with this for the WebInspector and other applications seeking to access local storage from local file content.

The point of the earlier security fix is to avoidance case of downloaded HTML content (such as e-mail attachments or JS injected into local contexts) from having access to your local file system and arbitrary local storage.

If you are serving local files in your applications, you can use the suggested preference to tell Webkit that you are approve of these kinds of interactions.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160416/828f1bf1/attachment.html>