Closed ghost closed 10 years ago
When I say "local storage", I mean window.localStorage, and nothing else. Confusion I guess is because when you say "local storage", you have ni mind all sort of local storages, while I refer specifically to one type, the one I could do something about in HTTPSB. For that particular one, I do evaluate whether cookies are red in the matrix, for the specific hostname, and if so, I tell the content script to empty the content of window.localStorage
. But to clear all kind of local storages (lets use plural to end the confusion), there is no API than the browsingData API, which works based on time, not origin.
Ok, forget what I say above, I am re-reading your comment line by line, and I really don't understand what is the confusion. Let's go one line at a time before moving to the next.
On the other hand, web storage falls exclusively under the purview of client-side scripting. Doesn't contradict this your reference to cookies above?
I don't understand what contradicts what. I will spell out the technical details:
window.localStorage
presentwindow.localStorage
window.localStorage
storeThat's it. In few words, HTTPSB checks whether cookies are blocked as per matrix, and if so empties the localStorage container.
Thanks - now I understand. Confusion eliminated.
This issue should nevertheless remain open with regard to what we discussed in #66, shouldn't it?
After I commented above, I thought maybe you worried that since blocked cookies would be allowed to go through with the setting we talked about in #66, than localStorage might also be affected. To clarify, internally, the matrix would still report cookies as blocked, it's just that the setting would tell the outgoing headers handler to let them pass even if they are marked as generically blocked in the matrix. So in short, the special setting in #66 would have absolutely no effect on existing localStorage code.
Ah, I see - very good! So if I understand this correctly we can close this issue, can't we? Unless the "sledgehammer" which you mentioned should also be covered by this issue. Are you still planning to implement it somehow?
We had been discussing local storage in issue #66. There is a need to reliably remove the (content of) local storage (also known as "super-cookies"). This is particularly important if we select "Allow local data to be set" in the Chrome cookie settings as a precondition for the new option discussed in above issue.
I've been pondering on local storage in general and must admit that I'm unsure how HTTPSB handles it:
You see, I'm completely confused about how HTTPSB treats local storage.