Re: [whatwg] Private browsing vs. Storage and Databases

[Ian Hickson]

On Tue, 7 Apr 2009, Brady Eidson wrote:
>
> A commonly added feature in browsers these days is "private browsing 
> mode" where the intention is that the user's browsing session leaves no 
> footprint on their machine.

Different "private browsing modes" have different philosophies and 
purposes, but yes, this feature does exist in different variations in 
different browsers.


> Cookies, cache files, history, and other data that the browser would 
> normally store to disk are not updated during these private browsing 
> sessions.

That is one implementation strategy, indeed.


> This concept is at odds with allowing pages to store data on the user's 
> machine as allowed by LocalStorage and Databases.  Surly persistent 
> changes during a private browsing session shouldn't be written to the 
> user's disk as that would violate the intention of a private browsing 
> session.

I think we can all agree that nothing should be written to disk, yes.


> Let's take the specific case of LocalStorage, which is what I am 
> currently working on with WebKit.  In attempting to fix this bug I came 
> up with a few possible solutions:
> 
> 1 - Disable LocalStorage completely when private browsing is on.  Remove it
> from the DOM completely.

Not implementing a feature is an option, though it would cause sites that 
use that feature to not work.


> 2 - Disable LocalStorage mostly when private browsing is on.  It exists 
> at window.localStorage, but is empty and has a 0-quota.

This doesn't seem to offer any advantages over the previous option, though 
it is more likely to run into trouble (e.g. sites that detect its support 
will assume it is functional instead of falling back on another feature).


> 3 - Slide a "fake" LocalStorage object in when private browsing is 
> enabled. It starts empty, changes to it are successful, but it is never 
> written to disk.  When private browsing is disabled, all changes to the 
> private browsing proxy are thrown out.

That seems like a reasonable strategy; it would be equivalent to the 
browser being two user agents, one for the private mode and one for the 
regular mode.


> 4 - Cover the real LocalStorage object with a private browsing layer.  
> It starts with all previously stored contents.  Any changes to it are 
> pretended to occur, but are never written to disk.  When private 
> browsing is disabled, all items revert to the state they were in when 
> private browsing was enabled and writing changes to disk is re-enabled.

That is again a reasonable implementation strategy, similar to the 
previous one.


> 5 - Treat LocalStorage as read-only when private browsing is on.  It 
> exists, and all previously stored contents can be retrieved.  Any 
> attempt to setItem(), removeItem(), or clear() fail.

This would be equivalent to the user agent having hardware limitations 
preventing it from complying with the specification, as with an out-of- 
memory condition or some such. User agents are explicitly allowed to make 
arbitrary implementation choices for such cases.

Note though that this allows the sites to detect with some reliability 
when they are being visited in "private" mode. This can be a problem.


> For now we're going with option 5.  setItem() during private browsing 
> will fail with the QUOTA_EXCEEDED_ERR the spec mentions.  removeItem() 
> and clear() will silently fail, since the spec assumes they always 
> succeed and doesn't provide a failure mechanism.

If the private browsing mode is documented as being intended to act in a 
manner that does not comply with the specification, that seems fine 
(though it leaks to the site the information that the user is using 
private browsing mode, which could be a problem). It is the equivalent of 
"Small Screen Rendering" mode in browsers like Opera, where the CSS 
specifications are intentionally not implemented correctly in order to 
achieve particular results the author didn't intend.


> 1 - What *should* the specified behavior be?

Since the answer depends on the philosophy of the browser feature, which 
can vary from implementation to implementation, there is no single answer 
to this. I don't think this is something that can or should be described 
in a formal user-agent-independent specification.


> 2 - If read-only ends up being the specified behavior, should we have a 
> mechanism for removeItem() and clear() to demonstrate that they failed?

They can always fail with a user-agent-specific exception, as with "out 
of memory" conditions.


On Tue, 7 Apr 2009, Ian Fette (���ե��åƥ�) wrote:
>
> In Chrome/Chromium, "incognito" mode is basically a new profile that is 
> in memory (plus or minus... the cache will never get written out to 
> disk, although of course the memory pages could get swapped out and hit 
> the disk that way...). The implication is that, for many of these 
> features, things could just naturally get handled. That is, whilst the 
> session is active, pages can still use a database / local s

Re: [whatwg] Incorrect declaration of the default namespace in user agent CSS

[Ian Hickson]

On Sun, 19 Apr 2009, Sergey Ilinsky wrote:
>
> In the "10.2 The CSS user agent style sheet and presentational hints"
> 
> The declaration of the default namespace (to be applied to names that have no
> explicit namespace component) is incorrect:
> @namespace url(http://www.w3.org/1999/xhtml);
> 
> Correct one should look like [1]:
> @namespace "http://www.w3.org/1999/xhtml";;
> 
> [1] http://www.w3.org/TR/css3-namespace/#declaration

As noted in the next section of that draft ("3.1 Syntax"), the use of the 
url() form is just as valid as the string form:

# namespace
#   : NAMESPACE_SYM S* [namespace_prefix S*]? [STRING|URI] S* ';' S*

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Re: [whatwg] Incorrect declaration of the default namespace in user agent CSS

[Geoffrey Sneddon]

On 19 Apr 2009, at 21:01, Sergey Ilinsky wrote:


In the "10.2 The CSS user agent style sheet and presentational hints"

The declaration of the default namespace (to be applied to names  
that have no explicit namespace component) is incorrect:

@namespace url(http://www.w3.org/1999/xhtml);

Correct one should look like [1]:
@namespace "http://www.w3.org/1999/xhtml";;

[1] http://www.w3.org/TR/css3-namespace/#declaration


According to that document both are correct.


--
Geoffrey Sneddon

Re: [whatwg] Possible typos

[Ian Hickson]

On Sun, 19 Apr 2009, Susan G. Lesch wrote:
>
> 2.4.4.1 spaces and indeed any trailing garbage characters are ignored.
> Could omit "indeed".

Fixed.


> 2.4.4.6 when the parser sees a number or a "-" character.
> Could spell out U+002D HYPHEN-MINUS character.

Fixed.


> 3.4.1 s/so so to define/to define/

Fixed.


> 3.5 Could omit ", admittedly".

Tweaked the sentence a bit but kept the "admittedly". I like the examples 
to have a more friendly and colloquial style.


> s/MIME type/Internet media type/
> If you agree, globally.

The term "media type" is unfortunately ambiguous given the usage in CSS; 
the use of the term MIME type instead is intentional.


> 4.8.3 s/cookies are still send/cookies are still sent/

Fixed.


Thanks!

-- 
Ian Hickson   U+1047E)\._.,--,'``.fL
http://ln.hixie.ch/   U+263A/,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

[whatwg] Incorrect declaration of the default namespace in user agent CSS

[Sergey Ilinsky]

In the "10.2 The CSS user agent style sheet and presentational hints"

The declaration of the default namespace (to be applied to names that have no 
explicit namespace component) is incorrect:
@namespace url(http://www.w3.org/1999/xhtml);

Correct one should look like [1]:
@namespace "http://www.w3.org/1999/xhtml";;

[1] http://www.w3.org/TR/css3-namespace/#declaration

Sergey Ilinsky/

[whatwg] Possible typos

[Susan G. Lesch]

2.4.4.1 spaces and indeed any trailing garbage characters are ignored.
Could omit "indeed".

2.4.4.6 when the parser sees a number or a "-" character.
Could spell out U+002D HYPHEN-MINUS character.

3.4.1 s/so so to define/to define/

3.5 Could omit ", admittedly".

s/MIME type/Internet media type/
If you agree, globally.

4.8.3
s/cookies are still send/cookies are still sent/

[whatwg] Need events "oncontrolson" and ""oncontrolsoff" for video tags

[Biju]

For video tags we need events "oncontrolson" and ""oncontrolsoff"
This will be useful if web page author want to hide his interface when
native controls becomes active.


Example where it is useful
1. Get firefox trunk build
2. go to http://people.opera.com/howcome/2007/video/opacity.html
3. right on video, to get the context menu
4. select "Show Controls"

Result
The JS controls provided by web page overlaps native contols.

Re: [whatwg] Vulgar fractions

[Christoph Päper]

Øistein E. Andersen:
Currently, only a limited set of vulgar fractions can be expressed  
in HTML, viz, those that exist as pre-composed characters in  
Unicode.  (...)


1) According to Unicode (...), `any sequence of one or more decimal  
digits, followed by the fraction slash [U+2044], followed by any  
sequence of one or more decimal digits ... should be displayed as a  
unit, such as ¾'.


FWIW, JFTR and FYI, Wikipedia has a 'frac' template en.wikipedia.org/wiki/Template:Frac> whose code has changed over  
time, but always used the fraction slash, and may be different in  
other Wikipedias (or Mediawikis).