[whatwg] Web Storage: apparent contradiction in spec

Jeremy Orlow jorlow at chromium.org
Tue Aug 25 14:41:07 PDT 2009

On Tue, Aug 25, 2009 at 2:16 PM, Jeremy Orlow <jorlow at chromium.org> wrote:

> On Tue, Aug 25, 2009 at 2:09 PM, Brady Eidson <beidson at apple.com> wrote:
>> On Aug 25, 2009, at 1:38 PM, Linus Upson wrote:
>> It is important that all local state be treated as a cache. User agents
>> need to be free to garbage collect any local state. If they can't then
>> attackers (or the merely lazy) will be able to fill up the user's disk. We
>> can't expect web sites or users to do the chore of taking out the garbage.
>> Better user agents will have better garbage collection algorithms.
>> It would be better to remove section 4.3.
>> I disagree.
>> One key advantage of LocalStorage and Databases over cookies is that they
>> *do* have a predictable, persistent lifetime, and the browser is *not*
>> allowed to prune them at will.
>> User agents are perfectly allowed to not allow new items to go into
>> LocalStorage or Database Storage once some quota is met, or if the user has
>> disabled it for that domain, or disabled it altogether, or if the disk is
>> filling up, or any other number of circumstances.
>> But once the data is stored, it should be considered user data - as
>> "sacred" as a user's file on the file system.
> What happens when your computer blows up?  When you switch browsers?  What
> about when you re-install your OS?  etc
> What about mobile devices where 5mb is actually a lot of space?  What
> happens when a malicious site fills up all of your localStorage space?
>  You're saying the UAs should not be free to have heuristics about what to
> delete?  What do they do then?

I just re-read your message and noticed that you suggested local storage
should stop working when it's filled up.  First of all, this seems
completely unacceptable to me, especially since we don't have a good answer
yet (besides quotas which are probably enough for your average desktop, but
probably not your average mobile or netbook) to the problem of malicious
sites filling up local storage with multiple sub domains.

Also, consider this scenario: you fill up your hard drive only 50% of the
way with localStorage data.  (Possibly by a malicious site, and thus the
user is unaware.)  Now you try to install a bunch of apps (maybe even over
time) that consume the rest of the hard drive.  So now the user is either
SOL unless they can realize this space has gone to their browser and can
figure out how to delete it?

> Note this exact point has been discussed on this list before, and IIRC the
> outcome was that localStorage should be treated like cookies: we'll try to
> keep them around, but the app should be resilient to them going away.

One previous reference:
I thought there was more discussion, but I couldn't find anything
than this thread after a quick search.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20090825/93bc20a9/attachment-0002.htm>

More information about the whatwg mailing list