60589 2011-05-10 15:08:38 -0700 [Qt] REGRESSION(r84099): some pages loaded by setHtml cannot use local storage 2011-07-22 07:09:32 -0700 1 1 1 Unclassified WebKit WebKit Qt 528+ (Nightly build) All All RESOLVED INVALID Qt, QtTriaged P5 Normal --- 1 rafael.lobo webkit-unassigned benjamin rafael.lobo oldest_to_newest 401541 0 rafael.lobo 2011-05-10 15:08:38 -0700 Since r84099, pages loaded by QWebFrame::setHtml with blank URLs (empty or "about:blank"), won't be able to use local storage as they now have a globally unique security origin. When the user loads a page with that, wouldn't be desired by him that local storage is accessible in such cases? Actually it may be expected that, no matter what url is defined, the user should still be able to use local storage as he is the one setting the html content. The attachment provides a test case that shows this bug happening. I found it while investigating this bug (https://bugs.webkit.org/show_bug.cgi?id=58847), but I think the discussion of how this should work should be moved to here. 401544 1 93019 rafael.lobo 2011-05-10 15:09:28 -0700 Created attachment 93019 This creates a test case that shows this bug happening. 401603 2 benjamin 2011-05-10 16:04:00 -0700 I don't really agree with the expected behavior you suggest. The spec of local storage is making strong assumption about the origin, for security or for data consistency. I think it is reasonable that the API force you to define clearly the origin in order to use local storage. I would say this bug is invalid, and the patch you made for 58847 might be the right solution for the failing test. Any opinion? 402266 3 rafael.lobo 2011-05-11 14:11:24 -0700 I think you're correct. The least that could be done, I guess, is to change QWebFrame documentation about this method. Now it says: "(...) baseUrl is optional and used to resolve relative URLs in the document, such as referenced images or stylesheets. (...)". Shouldn't we mention that it is important to determine its security origin or at least mention that he should provide a "valid url" if he wants to use local storage? 402289 4 benjamin 2011-05-11 14:31:08 -0700 (In reply to comment #3) > Shouldn't we mention that it is important to determine its security origin or at least mention that he should provide a "valid url" if he wants to use local storage? That could be good if that does not mean a much more complicated documentation. If you document that, you should keep it generic. Quite a few HTML 5 features depend on a valid origin (geolocation's authorizations for example). If you find some good way to express the issue in the doc, I am all for it :) 403059 5 rafael.lobo 2011-05-12 12:11:55 -0700 I had no idea that it was also used in many other features. I'll take a look on HTML5 specs to learn more about it, but I can imagine how hard it may be to keep the documentation simple but more informative. 403066 6 rafael.lobo 2011-05-12 12:15:47 -0700 So this bug will be marked as invalid, but we will still have the documentation problem. Should that be reported as another bug? Not sure if we could call this a bug (in documentation). In this case I'll leave it up to you to decide. :P 440936 7 rafael.lobo 2011-07-22 07:09:32 -0700 Closing it as 'invalid'. 93019 2011-05-10 15:09:28 -0700 2011-05-10 15:09:28 -0700 This creates a test case that shows this bug happening. create-test-sethtml.diff text/plain 1734 rafael.lobo ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQvcXQvdGVzdHMvcXdlYnBhZ2UvdHN0X3F3ZWJwYWdl LmNwcCBiL1NvdXJjZS9XZWJLaXQvcXQvdGVzdHMvcXdlYnBhZ2UvdHN0X3F3ZWJwYWdlLmNwcApp bmRleCBiNGMxMTkxLi4yMTE4MmRhIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0L3F0L3Rlc3Rz L3F3ZWJwYWdlL3RzdF9xd2VicGFnZS5jcHAKKysrIGIvU291cmNlL1dlYktpdC9xdC90ZXN0cy9x d2VicGFnZS90c3RfcXdlYnBhZ2UuY3BwCkBAIC0xMjAsNiArMTIwLDcgQEAgcHJpdmF0ZSBzbG90 czoKICAgICB2b2lkIGxvY2FsVVJMU2NoZW1lcygpOwogICAgIHZvaWQgdGVzdE9wdGlvbmFsSlNP YmplY3RzKCk7CiAgICAgdm9pZCB0ZXN0RW5hYmxlUGVyc2lzdGVudFN0b3JhZ2UoKTsKKyAgICB2 b2lkIHNldEh0bWxXaXRoTG9jYWxTdG9yYWdlKCk7CiAgICAgdm9pZCBjb25zb2xlT3V0cHV0KCk7 CiAgICAgdm9pZCBpbnB1dE1ldGhvZHNfZGF0YSgpOwogICAgIHZvaWQgaW5wdXRNZXRob2RzKCk7 CkBAIC0yMzE5LDYgKzIzMjAsMjcgQEAgdm9pZCB0c3RfUVdlYlBhZ2U6OnRlc3RFbmFibGVQZXJz aXN0ZW50U3RvcmFnZSgpCiAgICAgUVRSWV9WRVJJRlkoIXdlYlBhZ2Uuc2V0dGluZ3MoKS0+aWNv bkRhdGFiYXNlUGF0aCgpLmlzRW1wdHkoKSk7CiB9CiAKK3N0YXRpYyBpbmxpbmUgYm9vbCBleGlz dHNMb2NhbFN0b3JhZ2VXaXRoQmFzZVVSTChRV2ViUGFnZSYgd2ViUGFnZSwgY29uc3QgUVVybCYg dXJsKQoreworICAgIHdlYlBhZ2UubWFpbkZyYW1lKCktPnNldEh0bWwoUVN0cmluZygiPGh0bWw+ PGJvZHk+PC9ib2R5PjwvaHRtbD4iKSwgdXJsKTsKKyAgICByZXR1cm4gd2ViUGFnZS5tYWluRnJh bWUoKS0+ZXZhbHVhdGVKYXZhU2NyaXB0KFFTdHJpbmcoIih3aW5kb3cubG9jYWxTdG9yYWdlICE9 IHVuZGVmaW5lZCkiKSkudG9Cb29sKCk7Cit9CisKK3ZvaWQgdHN0X1FXZWJQYWdlOjpzZXRIdG1s V2l0aExvY2FsU3RvcmFnZSgpCit7CisgICAgLy8gUmVnYXJkbGVzcyBvZiB3aGF0IGJhc2UgdXJs IGlzIGRlZmluZWQgYnkgUVdlYkZyYW1lOjpzZXRIdG1sLAorICAgIC8vIHRoZSByZXN1bHRpbmcg cGFnZSBzaG91bGQgYmUgYWJsZSB0byB1c2UgbG9jYWwgc3RvcmFnZS4KKworICAgIFFXZWJQYWdl IHdlYlBhZ2U7CisgICAgd2ViUGFnZS5zZXR0aW5ncygpLT5zZXRBdHRyaWJ1dGUoUVdlYlNldHRp bmdzOjpMb2NhbFN0b3JhZ2VFbmFibGVkLCB0cnVlKTsKKworICAgIFFDT01QQVJFKGV4aXN0c0xv Y2FsU3RvcmFnZVdpdGhCYXNlVVJMKHdlYlBhZ2UsIFFVcmwoImh0dHA6Ly90ZXN0IikpLCB0cnVl KTsKKyAgICBRQ09NUEFSRShleGlzdHNMb2NhbFN0b3JhZ2VXaXRoQmFzZVVSTCh3ZWJQYWdlLCBR VXJsKCJhYm91dDpibGFuayIpKSwgdHJ1ZSk7CisgICAgUUNPTVBBUkUoZXhpc3RzTG9jYWxTdG9y YWdlV2l0aEJhc2VVUkwod2ViUGFnZSwgUVVybCgiIikpLCB0cnVlKTsKKyAgICBRQ09NUEFSRShl eGlzdHNMb2NhbFN0b3JhZ2VXaXRoQmFzZVVSTCh3ZWJQYWdlLCBRVXJsKCJkYXRhOnRleHQvaHRt bCx0ZXN0IikpLCB0cnVlKTsKKyAgICBRQ09NUEFSRShleGlzdHNMb2NhbFN0b3JhZ2VXaXRoQmFz ZVVSTCh3ZWJQYWdlLCBRVXJsKCJpbnZhbGlkIikpLCB0cnVlKTsKK30KKwogdm9pZCB0c3RfUVdl YlBhZ2U6OmRlZmF1bHRUZXh0RW5jb2RpbmcoKQogewogICAgIFFXZWJGcmFtZSogbWFpbkZyYW1l ID0gbV9wYWdlLT5tYWluRnJhbWUoKTsK