Open Bug 794969 Opened 9 years ago Updated 2 years ago

Remove app data from nsDOMStorageMemoryDB when clear data is requested


(Core :: DOM: Core & HTML, defect, P5)




blocking-basecamp -


(Reporter: mounir, Unassigned)



Follow-up from bug 786301.

I don't know if that should block.

The only reasons I see why it should block is in the case where someone clear all app data and goes back to the app and still see sessionStorage data there. This user might believe we actually did not remove data.
I don't think we should bother clearing sessionStorage. SessionStorage isn't terribly different from local JS variables from a privacy point of view. Yanking it out under existing pages won't provide the user any real privacy since things like javascript variables are still there.

Though it might make sense to do something once we add support for session restore which does saves the sessionStorage object across app/webpage restart.
Jonas, my point wasn't that we *need* to wipe session storage for user privacy but we need this because users might clear an app private data and still see some information from session store in the app and might think of a bug. That might give a bad perception of our commitment to protect private data. Given that the amount work involved to do that is small and it will not have any downside, I believe we should just do it.
Since we don't have user-exposed tools for seeing sessionStorage data being present, not blocking on this.
blocking-basecamp: ? → -

Move all DOM bugs that haven’t been updated in more than 3 years and has no one currently assigned to P5.

If you have questions, please contact :mdaly.
Priority: -- → P5
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.