Closed Bug 542730 Opened 14 years ago Closed 7 years ago

localStorage logic bugs, bad interaction with cookie handling logic

Categories

(Firefox :: Settings UI, defect)

x86
Linux
defect
Not set
major

RESOLVED INVALID

People

(Reporter: cultureanew, Unassigned)

Details

Attachments

(2 files)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6

The localStorage permissions in 3.6 do not mix well with the cookie permissions in 3.6.  In some cases it is possible to 'hide' localStorage data from the user (#1, #4), in other cases the user might be confused by permission prompts and unintentionally make localStorage inaccessible (#2).  There is also an interface bug in one scenario (#3).

Reproducible: Always

Steps to Reproduce:
========== #1 ==========

CONFIGURATION

	Privacy
		History
			Firefox will: Use custom settings for history
				Accept cookies from sites
					Keep until: ask me every time
	
	Clear recent history...(Everything)
		Cookies
		Site Preferences


REPRODUCE

Reload localStorage.html (via Reload button)

	[the user is prompted]
	The site ____ wants to set a cookie
		Use my choice for all cookies from this site
			Allow
	[the localStorage data IS saved, yet the user is prompted]
	This website (____) is asking to store data on your computer for offline use.
		Not Now
	Firefox Preferences
		Advanced
			Network
				Offline Storage
					The following websites have stored data for offline use:
					[the site that stored the test data does NOT appear on the list]


========== #2 ==========


CONFIGURATION

	Privacy
		History
			Firefox will: Use custom settings for history
				Accept cookies from sites
					Keep until: ask me every time
	
	Clear recent history...(Everything)
		Cookies
		Site Preferences


REPRODUCE

Reload localStorage.html (via Reload button)

	[the user is prompted]
	The site ____ wants to set a cookie
		Use my choice for all cookies from this site
			Deny
	[the localStorage data is NOT saved, yet the user is prompted]
	This website (____) is asking to store data on your computer for offline use.
		Allow
	Firefox Preferences
		Advanced
			Network
				Offline Storage
					The following websites have stored data for offline use:
					[the site that stored the test data DOES appear on the list, 0 bytes, yet localStorage is inaccessible because of cookie permissions]


========== #3 ==========


CONFIGURATION

	Privacy
		History
			Firefox will: Use custom settings for history
				Accept cookies from sites
					Keep until: ask me every time
	
	Clear recent history...(Everything)
		Cookies
		Site Preferences


REPRODUCE

Reload localStorage.html (via Location bar, entering location and pressing ENTER)

	[the user is prompted with a Confirm setting cookie dialog box that is BLANK]
	dismiss blank dialog via Close Window


========== #4 ==========


CONFIGURATION

	Privacy
		History
			Firefox will: Use custom settings for history
				Accept cookies from sites
					Keep until: ask me every time
	
	Clear recent history...(Everything)
		Cookies
		Site Preferences


REPRODUCE

Edit the html element properties in localStorage.html, removing manifest="localStorage.manifest"
Reload localStorage.html (via Reload button)

	[the user is prompted]
	The site ____ wants to set a cookie
		Use my choice for all cookies from this site
			Allow
	[the localStorage data IS saved, the user is NOT prompted for offline use permission]
	Firefox Preferences
		Advanced
			Network
				Offline Storage
					The following websites have stored data for offline use:
					[the site that stored the test data does NOT appear on the list]


Actual Results:  
The localStorage status, and behavior, was at best non-intuitive, if not broken.

Expected Results:  
Accessible localStorage when permission was granted, inaccessible localStorage when permission was denied, and accurate information when attempting to view the status of localStorage.

While the interpretation of the current draft of the HTML5 specification may be difficult, if the 3.6 implementation does really conform to the specification then it is my opinion that the HTML5 specification is deficient.

I see another problem combination with localStorage and cookie handling preference.  I'm a developer on a team developing a proprietary application on Mac OS X, Linux and Windows.  In the JavaScript code running on Firefox as part of that application, Firefox 3.6 on the stated platforms would throw a security exception when attempting to access window.localStorage when the cookie acceptance policy was "ask me every time", but would run to completion (the page would load fully) when I created a cookie exception for the IP address of the server to "accept for session".

If whoever ends up working on this wants a simpler reproduction, I can try to provide one.  Right now the only reproduction is with a relatively bulky amount of proprietary code.  This problem seems clear enough that a code inspection might uncover the cause, but let me know if you need some code with which to reproduce it.

(In reply to comment #3)

If I'm not mistaken, the attached files can be used to reproduce the problem you've described.  In that example, the isStorageAccessible() function catches the exception mentioned (when localStorage is inaccessible).

After reporting the issue I skimmed the Firefox source and noticed that the problem might be 'as designed', because of an if() that had a comment about the intent to always disallow if 'ask every time' were set for cookies.  My guess is that having the 'ask' prompt appear during localStorage permission checks would be difficult to implement (based on the ineffective behavior of the tardy 'asking to store data' prompt, when a manifest is present), but this is only a guess.
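
A defensive check of the kind discussed in the comments above, written here as an added example; it is not the attached isStorageAccessible() and not Firefox code. The name probeStorage, the state labels and the fake window objects are assumptions made for illustration.

```javascript
// Added example. probeStorage is a hypothetical name; `win` is the global
// object to inspect (window in a browser), passed in so it can be tested.
function probeStorage(win) {
  let store;
  try {
    // The property read itself can throw (the security exception reported
    // in this bug), so it has to sit inside the try block.
    store = win.localStorage;
  } catch (e) {
    return { state: "blocked", error: e.name };
  }
  if (store == null) return { state: "unavailable", error: null };

  const key = "__storage_probe__";
  try {
    // Round trip: a store can exist and still reject or drop writes.
    store.setItem(key, "1");
    const kept = store.getItem(key) === "1";
    store.removeItem(key);
    return { state: kept ? "ok" : "not-persisting", error: null };
  } catch (e) {
    return { state: "write-failed", error: e.name };
  }
}

// Constructed stand-ins for three browser configurations.
function fakeWindow(kind) {
  if (kind === "blocked") {
    return { get localStorage() {
      throw Object.assign(new Error("constructed"), { name: "SecurityError" });
    } };
  }
  const data = new Map();
  return { localStorage: {
    setItem(k, v) {
      if (kind === "full") {
        throw Object.assign(new Error("constructed"), { name: "QuotaExceededError" });
      }
      data.set(k, String(v));
    },
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    removeItem: (k) => { data.delete(k); },
  } };
}

const results = ["ok", "blocked", "full"].map((k) => probeStorage(fakeWindow(k)));
console.log(results.map((r) => r.state).join(", "));
```

Code that needs storage can branch on the returned state and fall back to an in-memory store instead of letting the exception abort page load.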

(In reply to comment #0)

Oops, I forgot to mention

CONFIGURATION
    Firefox Preferences
        Advanced
            Network
                Tell me when a website asks to store data for offline use: yes

for all (#1, #2, #3, #4) of the tests described.

I don't think this applies anymore.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID