This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 22984 - Disk Space Problem #1: Specification suggests 5MB as a storage limit. This may not be enough for several applications. Problem #2: There is no way to grant the user the option to give the website [...]
Summary: Disk Space Problem #1: Specification suggests 5MB as a storage limit. This ma...
Status: RESOLVED NEEDSINFO
Alias: None
Product: WHATWG
Classification: Unclassified
Component: HTML (show other bugs)
Version: unspecified
Hardware: Other other
: P3 normal
Target Milestone: Needs Impl Interest
Assignee: Ian 'Hixie' Hickson
QA Contact: contributor
URL: http://www.whatwg.org/specs/web-apps/...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-08-16 14:57 UTC by contributor
Modified: 2013-10-28 20:36 UTC (History)
2 users (show)

See Also:

Attachments

Description contributor 2013-08-16 14:57:55 UTC 
Specification: http://dev.w3.org/html5/webstorage/
Multipage: http://www.whatwg.org/C#top
Complete: http://www.whatwg.org/c#top
Referrer: 

Comment:
Disk Space

Problem #1: Specification suggests 5MB as a storage limit. This may not be
enough for several applications.
Problem #2: There is no way to grant the user the option to give the website
more space.

Improvement on #1:
.1 - Sites with a SSL certificate which passed verification will have the
limit raised to 25MB storage limit (5x larger) with no extra effort required
for the client or server. The site owner has already gone through certain
lengths and investment to have a legitimate certificate and should be
automatically rewarded for that.

.2 - Conversely, SSL certificates who fail verification will have no write
access to localStorage. 
That is, window.localStorage MUST return an error 'write error: invalid SSL
certificate'.

The Browser MUST NOT delete localStorage information to reduce from 25MB to
5MB, or wipe information in the case of an invalid certificate, since those
situations can change dynamically. Stored information will still be available
until it is deleted by javascript commands or browser cache wipe, according to
other parts of the specification. 

If a site previously on SSL stored e.g. 7MB of data is then accesssed by plain
HTTP, window.localStorage.setValue() MUST return an error: 'write error:
storage quota exceeded'.



Improvement on #2: 
.1 - a window.localStorage.requestStorage(space in MB(int) | 'unlimited'
(str)) function MUST be available. The user provides a single argument, the
amount of MB it wants for storage. the value is not in addition to the default
5MB, it is the total amount of storage the script wants. The browser will
display a vendor-implemented message dialog box stating that the website is
requesting additional localStorage space for its information, giving the user
the option to accept or deny the granting of extra space.

The request will return a true/false indication whether the request has been
granted or not by the user, so that the app can act accordingly.

Vendors MUST provide per-site configuration options to revoke the extra space
granted and return to the default values.

.2 - Vendors MAY choose to implement global configuration settings to always
prompt/deny/accept requestStorage() requests, in which case no dialog box will
be presented. Likewise, per-site settings may override the default behaviour
in the global settings. If the vendor chooses to implement this, it is
recommended to have 'prompt' as the default, but not mandatory. A browser or
system configuration/installation wizard can set the initial configuration to
any of the 3 states according to user preference.


Posted from: 179.219.112.122
User agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
Comment 1 Ian 'Hixie' Hickson 2013-10-28 20:36:15 UTC 
Please file a separate bug for each request.

> Problem #1: Specification suggests 5MB as a storage limit. This may not be
> enough for several applications.
> Problem #2: There is no way to grant the user the option to give the website
> more space.

Just using the storage mechanism should be sufficient — the browser can asynchronously tell the user that the site is using space, and preemptively ask for an increased quota.


> .1 - Sites with a SSL certificate which passed verification will have the
> limit raised to 25MB storage limit (5x larger) with no extra effort required
> for the client or server. The site owner has already gone through certain
> lengths and investment to have a legitimate certificate and should be
> automatically rewarded for that.
> 
> .2 - Conversely, SSL certificates who fail verification will have no write
> access to localStorage. 
> That is, window.localStorage MUST return an error 'write error: invalid SSL
> certificate'.

I don't really see why we would tie this to SSL certificates. Can you elaborate?


> The Browser MUST NOT delete localStorage information to reduce from 25MB to
> 5MB, or wipe information in the case of an invalid certificate, since those
> situations can change dynamically. Stored information will still be available
> until it is deleted by javascript commands or browser cache wipe, according
> to other parts of the specification. 

The browser might delete the data at any time, e.g. if the user drops their laptop into a river.



> If a site previously on SSL stored e.g. 7MB of data is then accesssed by
> plain HTTP, window.localStorage.setValue() MUST return an error: 'write error:
> storage quota exceeded'.

You couldn't do this (they'd be different origins, so different storage areas).


> Improvement on #2: 
> .1 - a window.localStorage.requestStorage(space in MB(int) | 'unlimited'
> (str)) function MUST be available. The user provides a single argument, the
> amount of MB it wants for storage. the value is not in addition to the
> default
> 5MB, it is the total amount of storage the script wants. The browser will
> display a vendor-implemented message dialog box stating that the website is
> requesting additional localStorage space for its information, giving the user
> the option to accept or deny the granting of extra space.

This is possible today even without an API function to do it.


> The request will return a true/false indication whether the request has been
> granted or not by the user, so that the app can act accordingly.

Whether the app is granted 5MB or 5GB, the app might find it is suddenly out of quota at any time, due to the disk being full.


The other suggestions are UI suggestions, which are out of scope of the spec.


Marking NEEDSINFO; please reopen if you can elaborate on the certificate thing or provide any new information. Thanks.