RESOLVED WONTFIX 47730
Web Inspector: grant access to local storage to web inspector 
https://bugs.webkit.org/show_bug.cgi?id=47730
Summary Web Inspector: grant access to local storage to web inspector
Pavel Podivilov
Reported 2010-10-15 11:09:45 PDT
In chrome, Web Inspector uses "chrome:" schema which has very limited permissions. However, we want to use localStorage to store front-end settings.
Attachments
Patch. (3.71 KB, patch)
2010-10-15 11:12 PDT, Pavel Podivilov 		abarth: review-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Pavel Podivilov
Comment 1 2010-10-15 11:12:37 PDT
Created attachment 70884 [details] Patch.
Adam Barth
Comment 2 2010-10-15 11:18:21 PDT
Comment on attachment 70884 [details] Patch. These "grant" API are like grenades without a pin. We shouldn't have them at all. A better design might be to run the inspector in the "chrome-extension" scheme. That way it can have its own public key to define who should have access to its local storage.
Early Warning System Bot
Comment 3 2010-10-15 11:27:18 PDT
Attachment 70884 [details] did not build on qt: Build output: http://queues.webkit.org/results/4419052
Eric Seidel (no email)
Comment 4 2010-10-15 11:40:40 PDT
Attachment 70884 [details] did not build on mac: Build output: http://queues.webkit.org/results/4470040
Pavel Feldman
Comment 5 2010-10-18 01:57:37 PDT
Comment on attachment 70884 [details] Patch. View in context: https://bugs.webkit.org/attachment.cgi?id=70884&action=review > WebCore/page/SecurityOrigin.h:124 > bool canAccessDatabase() const { return !isUnique(); } At some point we might want to use database and filesystem from within inspector. So the right solution is to make inspector non-Unique on all the platforms.
Adam Barth
Comment 6 2010-10-18 02:34:00 PDT
(In reply to comment #5) > (From update of attachment 70884 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=70884&action=review > > > WebCore/page/SecurityOrigin.h:124 > > bool canAccessDatabase() const { return !isUnique(); } > > At some point we might want to use database and filesystem from within inspector. So the right solution is to make inspector non-Unique on all the platforms. Indeed. However, we shouldn't do that by granting it magical privileges. Instead, we should use a URL scheme that doesn't impose uniqueness.
Pavel Feldman
Comment 7 2010-10-18 02:36:07 PDT
> Indeed. However, we shouldn't do that by granting it magical privileges. Instead, we should use a URL scheme that doesn't impose uniqueness. +1. That's exactly what I meant in the "non-Unique" part of the comment.
Note You need to log in before you can comment on or make changes to this bug.