[whatwg] Web Storage: apparent contradiction in spec
Jens Alfke
snej at google.com
Mon Aug 31 12:34:06 PDT 2009
On Aug 31, 2009, at 11:58 AM, Boris Zbarsky wrote:

> It's controversial because, no offense, browser developers don't
> trust the website author, nor should the users. At least to a first
> approximation.

Over on another thread of this list we've already been talking about
the need to get the user's permission before a site can use [more than
a certain minimum of] local storage. So that implies the user
expressing a degree of trust in the site, at least enough trust to let
it use a sliver of her hard disk.

I agree that if an app is just storing a few kbytes of local storage
without the user's informed consent, that's just the moral equivalent
of a cookie and ought to be treated as such.

> We could restrict local storage to explicitly trusted sites and then
> not treat it as cookies; would that be preferable? It might be.

That would be fine. The problem is that this seems to require an API
change to allow the site to distinguish between "persistent storage
I'm just using quietly as a cookie", and "persistent storage I want to
be able to store larger amounts of possibly user-critical data in".

—Jens