I don't think I understand the question. Webstorage apis like localstorage and sessionStorage are exposed via javascript apis. A container using caja can expose access to these api or attenuate access to it. This is called taming. Caja doesn't provide a default taming for webstorage. Is this what you are asking for?
If so, I don't understand how SSL fits into your question. The security model for webstorage apis are based on same-origin making them vulnerable to spoofing attacks. This is only partially mitigated by SSL and certainly doesn't help for the use case for which Caja is intended where third party code is being served on the same domain as container code. On Tue, Jul 6, 2010 at 10:40 PM, Eric Dorman <[email protected]> wrote: > Is there any work being done on securing the HTML 5 Localstorage > feature like for example implementing an SSL Model into the new > system. ;p > >
