[whatwg] Web Storage: apparent contradiction in spec

Jens Alfke snej at google.com
Mon Aug 31 12:34:06 PDT 2009


On Aug 31, 2009, at 11:58 AM, Boris Zbarsky wrote:

> It's controversial because, no offense, browser developers don't  
> trust the website author, nor should the users.  At least to a first  
> approximation.

Over on another thread of this list we've already been talking about  
the need to get the user's permission before a site can use [more than  
a certain minimum of] local storage. So that implies the user  
expressing a degree of trust in the site, at least enough trust to let  
it use a sliver of her hard disk.

I agree that if an app is just storing a few kbytes of local storage  
without the user's informed consent, that's just the moral equivalent  
of a cookie and ought to be treated as such.

> We could restrict local storage to explicitly trusted sites and then  
> not treat it as cookies; would that be preferable?  It might be.

That would be fine. The problem is that this seems to require an API  
change to allow the site to distinguish between "persistent storage  
I'm just using quietly as a cookie", and "persistent storage I want to  
be able to store larger amounts of possibly user-critical data in".

—Jens


More information about the whatwg mailing list