--- html5/webdatabase/Overview.html 2009/10/04 10:14:19 1.36 +++ html5/webdatabase/Overview.html 2009/10/27 08:23:43 1.43 @@ -26,6 +26,7 @@ table { border-collapse: collapse; border-style: hidden hidden none hidden; } table thead { border-bottom: solid; } table tbody th:first-child { border-left: solid; } + table tbody th { text-align: left; } table td, table th { border-left: solid; border-right: solid; border-bottom: solid thin; vertical-align: top; padding: 0.2em; } blockquote { margin: 0 0 0 2em; border: 0; padding: 0; font-style: italic; } @@ -167,18 +168,18 @@
Copyright
@@ -513,7 +514,7 @@ interface Dat
instead of the user agent prompting the user for permission to
increase the quota every five megabytes. When the user agent is to preprocess a SQL statement sqlStatement with an array of arguments arguments, it must run the following steps: Parse sqlStatement as a SQL statement,
- with the exception that U+003F QUESTION MARK (?) characters can be
+ with the exception that U+003F QUESTION MARK characters (?) can be
used in place of SQL literals in the statement. [SQL] Need to define the SQL dialect. User agents should limit the total amount of space allowed for
+
databases.
User agents should guard against sites storing data under the
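Review bot: The context line right after the reworded placeholder sentence still reads "Need to define the SQL dialect", so "Parse sqlStatement as a SQL statement" has no defined grammar behind it. Without one, each implementation decides for itself where a ? counts as a placeholder rather than a ? inside a string literal or comment. The placeholder is the mechanism this document recommends against SQL injection, so this step should either cite the dialect or state explicitly that ? is a placeholder only where the grammar allows a literal.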
@@ -1084,7 +1086,7 @@ interface S
future. A third-party advertiser (or any entity capable of getting
content distributed to multiple sites) could use a unique identifier
stored in its
- client-side database
+ client-side databases
to track a user across multiple sessions, building a profile of the
user's interests to allow for highly targeted advertising. In
@@ -1109,8 +1111,8 @@ interface S
User agents may automatically delete stored data after a period
- of time. User agents may, if so configured by the user, automatically
+ delete stored data after a period of time. This can restrict the ability of a site to track a user, as the
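Review bot: Inserting "if so configured by the user" makes automatic expiry opt-in, but the unchanged sentence that follows ("This can restrict the ability of a site to track a user") still reads as a general mitigation. Suggest stating that the restriction only applies for users who have enabled expiry, or saying what the user agent does when the user has configured nothing.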
@@ -1118,10 +1120,11 @@ interface S
sessions when he authenticates with the site itself (e.g. by
making a purchase or logging in to a service). However, this also puts the user's data at risk. However, this also reduces the usefulness of the API as a
+ long-term storage mechanism. It can also put the user's data at
+ risk, if the user does not fully understand the implications of
+ data expiration. If users attempt to protect their privacy by clearing cookies
without also clearing data stored in the
-
- database
-
- feature, sites can defeat those attempts by using the two features
- as redundant backup for each other. User agents should present the
+ relevant databases,
+
+ sites can defeat those attempts by using the two features as
+ redundant backup for each other. User agents should present the
interfaces for clearing these in a way that helps users to
understand this possibility and enables them to delete data in all
persistent storage features simultaneously. [COOKIES] Different authors sharing one host name, for example users
hosting content on Authors are strongly recommended to make use of the All references are normative unless marked "Non-normative".4.2 Parsing and processing SQL statements
5 Web SQL
6 Disk space
7 Privacy
7.1 User tracking
8.2 Cross-directory attacks
geocities.com
, all share one
+
set of databases.
There is no feature to restrict the access by pathname. Authors on
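Review bot: In the rewritten cookie-clearing sentence, "relevant databases" does not say which databases are meant, and "the two features" has lost its antecedent now that "database feature" is gone. Because this paragraph tells user agents what a clearing interface has to cover, name both sides explicitly, for example "cookies and the site's client-side databases". The sentence about "all persistent storage features" is then unambiguous about what has to be deleted together.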
@@ -1240,6 +1244,9 @@ interface S
JavaScript is implicitly UTF-16.8.5 SQL injection
?
placeholder feature of the executeSql()
method,
and to never construct SQL statements on the fly.References
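Review bot: The new "SQL injection" section states the rule (use the ? placeholder of executeSql(), never construct statements on the fly) but gives no reason and does not say what the placeholder cannot cover. The preprocessing step says ? stands "in place of SQL literals", so table and column names cannot be bound this way. Suggest one sentence saying that input concatenated into a statement can change the statement itself, and one saying that any identifier derived from input has to be chosen from a fixed list, since a placeholder cannot carry it.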