[Webkit-unassigned] [Bug 168631] New: Non-persistent third party iframe localStorage
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Feb 20 19:52:27 PST 2017
https://bugs.webkit.org/show_bug.cgi?id=168631
Bug ID: 168631
Summary: Non-persistent third party iframe localStorage
Classification: Unclassified
Product: WebKit
Version: Safari 10
Hardware: All
OS: All
Status: NEW
Severity: Normal
Priority: P2
Component: JavaScriptCore
Assignee: webkit-unassigned at lists.webkit.org
Reporter: malteubl at google.com
Safari behaves differently for localStorage accessed in third party context compared to other browsers in 2 fundamental ways:
1. Storage is scoped to the entire chain of iframes.
2. Storage is non-persistent. Data is deleted when browsers exit.
#1 seems great and working as intended, but while talking with John Wilander on Twitter we were wondering if #2 might be a bug. (https://twitter.com/johnwilander/status/833462485592125441)
Here is a simple test case http://output.jsbin.com/siwulo/1/quiet
- Press +1 a few times
- Hit reload. Observe that count is kept.
- Restart Safari (Desktop or iOS)
- Load page again. Observe that count is 0 again.
Is this behavior intended? On Desktop where Safari may be running for many months and on mobile where it is very unpredictable when it restarts, this seems unpredictable with little actual privacy benefit.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20170221/bf273bb9/attachment.html>
More information about the webkit-unassigned
mailing list