This is an issue with the -[WebStorageManager deleteOrigin:] API. Calling this method tries to delete the localstorage database file on disk in StorageTracker::syncDeleteOrigin. However, we currently only delete the database file and none of its associated temporary SQLite files. One of the temporary files we fail to delete is the write-ahead log which contains local storage data that hasn’t been checkpointed. The net result is that if we wipe the local storage database and then recreate it, SQLite retains any “deleted” data that was kept around in the WAL. By default the WAL only checkpoints (i.e. moves data into the database) every 1000 pages. This is a significant amount of data we could potentially leak. We should fix this by also deleting the temporary files. We already have a method to do so in SQLiteFileSystem.
Created attachment 304430 [details] Patch v1 This patch moves to using deleteDatabaseFile.
I've looked into trying to test this change, but I can't find anything which actually exercises our WK1 local storage APIs. We seemed to have something for this, but removed it in: https://bugs.webkit.org/show_bug.cgi?id=140044
(In reply to comment #2) > I've looked into trying to test this change, but I can't find anything which > actually exercises our WK1 local storage APIs. We seemed to have something > for this, but removed it in: https://bugs.webkit.org/show_bug.cgi?id=140044 This will need (an) API test(s)