Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[g] (2) To help Mozilla transition to the new API, renaming globalSto…
…rage to localStorage. The irony is not lost on me.

git-svn-id: http://svn.whatwg.org/webapps@1201 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information
Hixie committed Feb 9, 2008
1 parent 9b2d849 commit 6b60ccd
Show file tree
Hide file tree
Showing 2 changed files with 78 additions and 78 deletions.
94 changes: 47 additions & 47 deletions index
Expand Up @@ -1170,8 +1170,8 @@
<li><a href="#the-sessionstorage"><span class=secno>4.10.3 </span>The
<code title=dom-sessionStorage>sessionStorage</code> attribute</a>

<li><a href="#the-globalstorage"><span class=secno>4.10.4 </span>The
<code title=dom-globalStorage>globalStorage</code> attribute</a>
<li><a href="#the-localstorage"><span class=secno>4.10.4 </span>The
<code title=dom-localStorage>localStorage</code> attribute</a>

<li><a href="#the-storage0"><span class=secno>4.10.5 </span>The <code
title=event-storage>storage</code> event</a>
Expand Down Expand Up @@ -25397,7 +25397,7 @@ never reset. This is nice and consistent.)
// the user agent
readonly attribute <a href="#clientinformation">ClientInformation</a> <a href="#navigator" title=dom-navigator>navigator</a>; <!-- XXX IE6 also has window.clientInformation pointing to this same object -->
readonly attribute <a href="#storage0">Storage</a> <a href="#sessionstorage" title=dom-sessionStorage>sessionStorage</a>;
readonly attribute <a href="#storage0">Storage</a> <a href="#globalstorage" title=dom-globalStorage>globalStorage</a>;
readonly attribute <a href="#storage0">Storage</a> <a href="#localstorage" title=dom-localStorage>localStorage</a>;
<a href="#database0">Database</a> <a href="#opendatabase" title=dom-opendatabase>openDatabase</a>(in DOMString name, in DOMString version, in DOMString displayName, in unsigned long estimatedSize);

// modal user prompts
Expand Down Expand Up @@ -30207,9 +30207,9 @@ user reload must be equivalent to .reload()
<p>Again, cookies do not handle this case well, because they are
transmitted with every request.

<p>The <code title=dom-globalStorage><a
href="#globalstorage">globalStorage</a></code> DOM attribute is used to
access a page's global storage area.
<p>The <code title=dom-localStorage><a
href="#localstorage">localStorage</a></code> DOM attribute is used to
access a page's local storage area.

<div class=example>
<p>The site at example.com can display a count of how many times the user
Expand All @@ -30221,17 +30221,17 @@ user reload must be equivalent to .reload()
time(s).
&lt;/p>
&lt;script>
if (!globalStorage.pageLoadCount)
globalStorage.pageLoadCount = 0;
globalStorage.pageLoadCount = parseInt(globalStorage.pageLoadCount, 10) + 1;
document.getElementById('count').textContent = globalStorage.pageLoadCount;
if (!localStorage.pageLoadCount)
localStorage.pageLoadCount = 0;
localStorage.pageLoadCount = parseInt(localStorage.pageLoadCount, 10) + 1;
document.getElementById('count').textContent = localStorage.pageLoadCount;
&lt;/script></pre>
</div>

<p>Each <a href="#origin0">origin</a> has its own separate storage area.

<p>Storage areas (both session storage and global storage) store strings.
To store structured data in a storage area, you must first convert it to a
<p>Storage areas (both session storage and local storage) store strings. To
store structured data in a storage area, you must first convert it to a
string.

<h4 id=the-storage><span class=secno>4.10.2 </span>The <code><a
Expand Down Expand Up @@ -30266,7 +30266,7 @@ interface <dfn id=storage0>Storage</dfn> {
with a list of key/value pairs when it is created, as defined in the
sections on the <code title=dom-sessionStorage><a
href="#sessionstorage">sessionStorage</a></code> and <code
title=dom-globalStorage><a href="#globalstorage">globalStorage</a></code>
title=dom-localStorage><a href="#localstorage">localStorage</a></code>
attributes. Multiple separate objects implementing the <code><a
href="#storage0">Storage</a></code> interface can all be associated with
the same list of key/value pairs simultaneously.
Expand Down Expand Up @@ -30319,7 +30319,7 @@ interface <dfn id=storage0>Storage</dfn> {
that can access the newly stored data, as defined in the sections on the
<code title=dom-sessionStorage><a
href="#sessionstorage">sessionStorage</a></code> and <code
title=dom-globalStorage><a href="#globalstorage">globalStorage</a></code>
title=dom-localStorage><a href="#localstorage">localStorage</a></code>
attributes.</p>
<!--
not normative, see the sections below for the normative statement
Expand Down Expand Up @@ -30423,43 +30423,43 @@ interface <dfn id=storage0>Storage</dfn> {
title=event-storage><a href="#storage1">storage</a></code> event must be
fired, as <a href="#storage1" title=event-storage>described below</a>.

<h4 id=the-globalstorage><span class=secno>4.10.4 </span>The <code
title=dom-globalStorage><a href="#globalstorage">globalStorage</a></code>
<h4 id=the-localstorage><span class=secno>4.10.4 </span>The <code
title=dom-localStorage><a href="#localstorage">localStorage</a></code>
attribute</h4>

<p>The <dfn id=globalstorage
title=dom-globalStorage><code>globalStorage</code></dfn> object provides a
<p>The <dfn id=localstorage
title=dom-localStorage><code>localStorage</code></dfn> object provides a
<code><a href="#storage0">Storage</a></code> object for <a
href="#origin0">origin</a>.

<p>User agents must have a set of global storage areas, one for each <a
<p>User agents must have a set of local storage areas, one for each <a
href="#origin0">origin</a>.

<p>User agents should only expire data from the global storage areas for
<p>User agents should only expire data from the local storage areas for
security reasons or when requested to do so by the user. User agents
should always avoid deleting data while a script that could access that
data is running. Data stored in global storage areas should be considered
data is running. Data stored in local storage areas should be considered
potentially user-critical. It is expected that Web applications will use
the global storage areas for storing user-written documents.
the local storage areas for storing user-written documents.

<p>When the <code title=dom-globalStorage><a
href="#globalstorage">globalStorage</a></code> attribute is accessed, the
user agent must check to see if it has allocated global storage area for
<p>When the <code title=dom-localStorage><a
href="#localstorage">localStorage</a></code> attribute is accessed, the
user agent must check to see if it has allocated local storage area for
the <a href="#origin0">origin</a> of the <a href="#browsing0">browsing
context</a> within which the script is running. If it has not, a new
storage area for that origin must be created.

<p>The user agent must then create a <code><a
href="#storage0">Storage</a></code> object associated with that origin's
global storage area, and return it.
local storage area, and return it.

<p id=globalStorageEvent>When the <code title=dom-Storage-setItem><a
<p id=localStorageEvent>When the <code title=dom-Storage-setItem><a
href="#setitem">setItem()</a></code> method is called on a <code><a
href="#storage0">Storage</a></code> object <var title="">x</var> that is
associated with a global storage area, then in every <code><a
associated with a local storage area, then in every <code><a
href="#htmldocument">HTMLDocument</a></code> object whose <code><a
href="#window">Window</a></code> object's <code title=dom-globalStorage><a
href="#globalstorage">globalStorage</a></code> attribute's <code><a
href="#window">Window</a></code> object's <code title=dom-localStorage><a
href="#localstorage">localStorage</a></code> attribute's <code><a
href="#storage0">Storage</a></code> object is associated with the same
storage area, other than <var title="">x</var>, a <code
title=event-storage><a href="#storage1">storage</a></code> event must be
Expand All @@ -30472,7 +30472,7 @@ interface <dfn id=storage0>Storage</dfn> {
event is fired in an <code><a href="#htmldocument">HTMLDocument</a></code>
when a storage area changes, as described in the previous two sections (<a
href="#sessionStorageEvent">for session storage</a>, <a
href="#globalStorageEvent">for global storage</a>).
href="#localStorageEvent">for local storage</a>).

<p>When this happens, the user agent must dispatch an event with the name
<code><a href="#storage0">storage</a></code>, with no namespace, which
Expand Down Expand Up @@ -30577,7 +30577,7 @@ interface <dfn id=storage0>Storage</dfn> {
<p>There are various ways of implementing this requirement. One is that if
a script running in one browsing context accesses a global storage area,
the UA blocks scripts in other browsing contexts when they try to access
the global storage area for the same origin until the first script has
the local storage area for the same origin until the first script has
executed to completion. (Similarly, when a script in one browsing context
accesses its session storage area, any scripts that have the same top
level browsing context and the same origin would block when accessing
Expand All @@ -30593,7 +30593,7 @@ interface <dfn id=storage0>Storage</dfn> {

<p>A third-party advertiser (or any entity capable of getting content
distributed to multiple sites) could use a unique identifier stored in its
global storage area to track a user across multiple sessions, building a
local storage area to track a user across multiple sessions, building a
profile of the user's interests to allow for highly targeted advertising.
In conjunction with a site that is aware of the user's real identity (for
example an e-commerce site that requires authenticated credentials), this
Expand All @@ -30606,8 +30606,8 @@ interface <dfn id=storage0>Storage</dfn> {
<ul>
<li>
<p>Blocking third-party storage: user agents may restrict access to the
<code title=dom-globalStorage><a
href="#globalstorage">globalStorage</a></code> object to scripts
<code title=dom-localStorage><a
href="#localstorage">localStorage</a></code> object to scripts
originating at the domain of the top-level document of the <a
href="#browsing0">browsing context</a>, for instance denying access to
the API for pages from other domains running in <code><a
Expand All @@ -30629,7 +30629,7 @@ interface <dfn id=storage0>Storage</dfn> {
<p>However, this also puts the user's data at risk.</p>
<!-- XXX should there be an explicit way for sites to state when
data should expire? as in
globalStorage.expireData(365); ? -->
localStorage.expireData(365); ? -->


<li>
Expand All @@ -30642,9 +30642,9 @@ interface <dfn id=storage0>Storage</dfn> {
suspicion.</p>

<li>
<p>Site-specific white-listing of access to global storage areas: user
<p>Site-specific white-listing of access to local storage areas: user
agents may allow sites to access session storage areas in an
unrestricted manner, but require the user to authorise access to global
unrestricted manner, but require the user to authorise access to local
storage areas.</p>

<li>
Expand Down Expand Up @@ -30697,7 +30697,7 @@ interface <dfn id=storage0>Storage</dfn> {
that a host claiming to be in a certain domain really is from that domain.
To mitigate this, pages can use SSL. Pages using SSL can be sure that only
pages using SSL that have certificates identifying them as being from the
same domain can access their global storage areas.
same domain can access their local storage areas.

<h5 id=cross-directory><span class=secno>4.10.7.4. </span>Cross-directory
attacks</h5>
Expand Down Expand Up @@ -31276,14 +31276,14 @@ interface <dfn id=sqlstatementerrorcallback>SQLStatementErrorCallback</dfn> {

<h4 id=privacy><span class=secno>4.11.7 </span>Privacy</h4>

<p>In contrast with the <code title=dom-globalStorage><a
href="#globalstorage">globalStorage</a></code> feature, which
intentionally allows data to be accessed across multiple domains,
protocols, and ports (albeit in a controlled fashion), this database
feature is limited to scripts running with the same <a
href="#origin0">origin</a> as the database. Thus, it is expected that the
privacy implications be equivalent to those already present in allowing
scripts to communicate with their originating host.
<p>In contrast with the <code title=dom-localStorage><a
href="#localstorage">localStorage</a></code> feature, which intentionally
allows data to be accessed across multiple domains, protocols, and ports
(albeit in a controlled fashion), this database feature is limited to
scripts running with the same <a href="#origin0">origin</a> as the
database. Thus, it is expected that the privacy implications be equivalent
to those already present in allowing scripts to communicate with their
originating host.

<p>User agents are encouraged to treat data stored in databases in the same
way as cookies for the purposes of user interfaces, to reduce the risk of
Expand Down

0 comments on commit 6b60ccd

Please sign in to comment.