There are two major missing features here: One: a way to + be secure against DNS spoofing (a database created over an SSL connection + covered by one cert should not be made accessible to content connecting + with another cert or with no cert). Two: there's no session-specific API, + so if you have two windows open at once, you can't interact with the site + doing two separate sessions unless the site goes out of its way to track + sessions itself, detecting when new tabs are opened, etc. sessionStorage[] + handles it, why doesn't this? Also, we need to be more explicit about disk + usage concerns, quota, etc. Some of the security notes from + globalStorage[] should maybe come down here. +
Each origin must have an associated database
unique to that origin. An author can interact with the database using the
executeSql()
diff --git a/source b/source
index 98b573f3754..c028f2dcb7f 100644
--- a/source
+++ b/source
@@ -26386,6 +26386,18 @@ interface StorageItem {
There are two major missing features here: One: + a way to be secure against DNS spoofing (a database created over an + SSL connection covered by one cert should not be made accessible to + content connecting with another cert or with no cert). Two: there's + no session-specific API, so if you have two windows open at once, + you can't interact with the site doing two separate sessions unless + the site goes out of its way to track sessions itself, detecting + when new tabs are opened, etc. sessionStorage[] handles it, why + doesn't this? Also, we need to be more explicit about disk usage + concerns, quota, etc. Some of the security notes from + globalStorage[] should maybe come down here.
+Each origin must have an associated database unique
to that origin. An author can interact with the database using the
executeSql() method.