MozillaWiki

NPAPI:ClearSiteData: Difference between revisions

Page Discussion

NPAPI:ClearSiteData (view source)

Revision as of 20:57, 6 January 2011

1,880 bytes removed ,  6 January 2011
→‎Definition of domain
 
(44 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= Status =
= Status =


(work in progress)
Accepted, ready for implementation.


= Problem Summary =
= Contributors =


In short: let the UA's "clear cookies" function also clear Flash's local storage.
* Last modified: January 6, 2011
* Authors: Julian Reschke (greenbytes), Dan Witte (Mozilla), Bernhard Bauer (Chromium), Rajesh Gwalani (Adobe), Josh Aas (Mozilla), Maciej Stachowiak (Apple)


More precisely: delegate calls to the UAs "clear privacy information" to plugins, allowing them to clean up their locally stored data as well.
= Overview =


== Overview of current UIs ==
Allows browsers to discover and clear plugin private data.


{|
= Specification =
! Type || Firefox || IE || Opera || Safari || Chrome
|-
! Browsing History
| yes || yes || yes || yes || yes
|-
! Download History
| yes || yes || yes || yes || yes
|-
! Form History
| yes || yes || ? || yes || yes
|-
! Search History
| yes || ? || ? || ? || ?
|-
! Cookies
| yes || yes || temporary/all || yes || yes
|-
! Cache
| yes || yes || yes || yes || yes
|-
! Active Logins
| yes || yes || "password manager" || yes || yes
|-
! Site Preferences
| yes || ? || ? || ? || ?
|}


In addition, IE has "InPrivate Filtering Data" (what is this?)
== Definition of domain ==


In addition, Opera has "delete password protected pages and data" and "bookmark visited times".
The return value of NPP_GetSitesWithData and the 'site' argument to NPP_ClearSiteData must be domains only (not complete URIs or IRIs). For ASCII domains, they must be lowercase; in the case of internationalized domains, they must be NFKC-encoded (normalized) UTF-8. No other encoding is allowed. IP address literals must be enclosed in square brackets '[]'. This is in accordance with RFC 3987, Internationalized Resource Identifiers (IRIs).


In addition, Safari has "webpage preview images", "website icons" and "top sites"
== Discovering Data ==


{|
The following method will allow browsers to discover which sites a plugin has data for. Note that plugins (but no instances) must be initialized and function tables retrieved in order to call this method.
! Parameters || Firefox || IE || Opera || Safari || Chrome
|-
! Time Range
| yes || no || no || no || yes
|-
! By Site
| yes (context menu in history) || ?? || ?? || ?? || ??
|}


= Existing Discussion and Documentation =
<pre>
char** NPP_GetSitesWithData(void);
</pre>


Mail thread on plugin-futures: [https://mail.mozilla.org/private/plugin-futures/2010-January/001150.html https://mail.mozilla.org/private/plugin-futures/2010-January/001150.html]
This function returns a <code>NULL</code>-terminated list of sites with data. Each site string is a domain as specified above under 'Definition of domain'. Memory for the array and the site strings must be allocated with <code>NPN_MemAlloc</code> and the browser will be responsible for freeing the memory with <code>NPN_MemFree</code>.


In particular, Lloyd Hilaiel proposed an alternate approach where plugins would store everything in a standard filesystem based layout, so the UA itself can do the clearing. See [https://mail.mozilla.org/private/plugin-futures/2010-January/001156.html https://mail.mozilla.org/private/plugin-futures/2010-January/001156.html]
== Clearing Data ==


Flash Local Storage: [http://www.macromedia.com/support/documentation/en/flashplayer/help/help02.html http://www.macromedia.com/support/documentation/en/flashplayer/help/help02.html]
The following method will allow browsers to request that plugins clear data. Note that plugins (but no instances) must be initialized and function tables retrieved in order to call this method.


Firefox issue - clearing local storage with time range: [https://bugzilla.mozilla.org/show_bug.cgi?id=527667 https://bugzilla.mozilla.org/show_bug.cgi?id=527667]
<pre>
 
NPError NPP_ClearSiteData(
= API Requirements =
  const char* site,       // site for which to clear data
 
  uint64_t flags,         // what type of data to clear
Clearing Privacy Data needs to be independent of whether the plugin is currently instantiated.
  uint64_t maxAge        // max. age of information in seconds
 
);
=== Type of Data ===
</pre>
 
Flags:
 
* things the user enters, except for credentials (form data)
 
* credentials
 
* things cached by the UA (pages, preview images, icons)
 
* local data stored by the server / web application (cookies, HTML5 local storage, Flash/Silverlight local storage)
 
* history information (bookmarks, visited URIs)
 
* settings specific to a site (for instance, preferences with respect to privacy, script disabling...)
 
=== Time range ===
 
Several UAs offer to restrict the clear operation to a time range such as "today" or "last week".
 
In the API, this can be exposed as "last N minutes", or something like that.
 
We need to allow plugins to signal that they can't clear by time range, though.
 
(Return code, plus discoverability beforehand?)
 
=== Site/URI ===
 
Firefox supports "forget about this site". Other UAs do not appear to support this.
 
Should it be part of the API? If so, what format?
 
= Current Proposal =
 
* Last modified: May 27, 2010
* Author: Julian Reschke (greenbytes), Dan Witte <dwitte@mozilla.com>
 
The current proposal is to add a new method, providing the new functionality:


* The <code>site</code> argument is interpreted as follows:
** If <code>NULL</code>, all site-specific data and more generic data on browsing history (for instance, number of sites visited) should be cleared.
** If <code>!NULL</code>, argument is a site string from the discovery API (an exact copy or the original). See above under 'Definition of domain' for the required form of the string. The browser is responsible for allocating and freeing the memory used for this argument. The plugin must copy the string in order to retain it outside the scope of the call.
* The <code>flags</code> argument is a bit mask representing the type(s) of data to clear.
<pre>
<pre>
NPError NPN_ClearSiteData(
#define NP_CLEAR_ALL    0      /* Clear all private data */
   NPP instance,
#define NP_CLEAR_CACHE   1 << 0 /* Clear cached data which can simply be
  PRUint64 flags,        // what type of data to clear
                                  retrieved again as requested. To be used
  const char* domain,    // limit to domain
                                  out of concern for space and not necessarily
  PRUInt64 maxAge        // max. age of information in seconds
                                  privacy. */
);
/* More flags may be defined later, this spec will be updated. */
</pre>
</pre>
* The <code>maxAge</code> argument is the maximum age in seconds of data to clear, inclusive. If <code>maxAge</code> is <code>0</code>, no data is cleared. If <code>maxAge</code> is the maximum unsigned 64-bit integer, all data is cleared.
The following new <code>NPError</code> values will be available for return from <code>NPP_ClearSiteData</code>:


New [https://developer.mozilla.org/en/NPAPI/Constants#Error_Codes NPError codes]:
<pre>
<pre>
// can't clear by time range
// can't clear by time range
#define NPERR_TIMERANGE_NOT_SUPPORTED (NPERR_BASE + mm)
#define NPERR_TIME_RANGE_NOT_SUPPORTED (NPERR_BASE + 14)
// can't clear by domain/site
// malformed 'site' string
#define NPERR_LIMITBYSITE_NOT_SUPPORTED (NPERR_BASE + nn)
#define NPERR_MALFORMED_SITE (NPERR_BASE + 15)
// malformed 'domain' string
#define NPERR_MALFORMED_DOMAIN (NPERR_BASE + ll)
</pre>
</pre>


Semantics:
For any other type of error the plugin must return <code>NPERR_GENERIC_ERROR</code>.
* <code>flags</code> is a bitset representing which type(s) of data to clear; <code>0</code> means "clear all types".
 
* The <code>domain</code> argument is interpreted as follows:
If site data is in use by an instance of the plugin when <code>NPP_ClearSiteData</code> is called then it is up to the plugin to do the right thing.
** if a hostname of the form "foo.com", data in the "foo.com" domain and all subdomains should be cleared. In this form, <code>domain</code> must be a normalized ACE-encoded hostname, lowercased; must not contain a trailing dot; must not contain scheme, port, or other such fields; and must contain at least one embedded dot;
** if an IP address (either IPv4 or IPv6), data for that IP should be cleared;
** if <code>NULL</code>, all site-specific data and more generic data on browsing history (for instance, number of sites visited) should be cleared.
* <code>maxAge</code> is the maximum age of data to clear, inclusive, in seconds. If <code>maxAge</code> is <code>0</code>, no data is cleared. If <code>maxAge</code> is the maximum unsigned 64-bit integer, all data is cleared.


= Open Issues =
= Notes =


* Do we need a discovery method?
Notes for this specification are [[NPAPI:ClearPrivateDataNotes|here]].
* Should it be possible to clear all types with a single call? In which case the flags should be passed as bit set; this would also allow a forwards-compatible "delete-all"
** [dwitte] Yes: flags == 0 should mean "clear everything".
* What is the behavior of the 'site' argument? does 'foo.com' clear data for 'foo.com' and all subdomains? Does it work for IP addresses?
* If 'site' is NULL or the empty string, does all data get cleared?
* Does maxAge == 0 clear data regardless of age? Or maxAge == 2^31 - 1?
* 'NPN_ClearPrivacyData' seems like a strange name. 'NPN_ClearSiteData' perhaps?
* what's the syntax for an IPv6 address in site? As per RFC 3986 "IP-literal" ([http://greenbytes.de/tech/webdav/rfc3986.html#host.ip])?
Dwitte
148

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/226402...276191"