MozillaWiki

NPAPI:ClearSiteData: Difference between revisions

Page Discussion

NPAPI:ClearSiteData (view source)

Revision as of 20:57, 6 January 2011

1,551 bytes removed ,  6 January 2011
→‎Definition of domain
 
(14 intermediate revisions by 2 users not shown)
Line 1: Line 1:
= Status =
= Status =


Under consideration.
Accepted, ready for implementation.


= Contributors =
= Contributors =


* Last modified: December 23, 2010
* Last modified: January 6, 2011
* Authors: Julian Reschke (greenbytes), Dan Witte (Mozilla), Bernhard Bauer (Chromium), Rajesh Gwalani (Adobe), Josh Aas (Mozilla)
* Authors: Julian Reschke (greenbytes), Dan Witte (Mozilla), Bernhard Bauer (Chromium), Rajesh Gwalani (Adobe), Josh Aas (Mozilla), Maciej Stachowiak (Apple)


= Overview =
= Overview =


Allows browsers to request that plugins clear locally stored private data.
Allows browsers to discover and clear plugin private data.


= Specification  =
= Specification  =
== Definition of domain ==
The return value of NPP_GetSitesWithData and the 'site' argument to NPP_ClearSiteData must be domains only (not complete URIs or IRIs). For ASCII domains, they must be lowercase; in the case of internationalized domains, they must be NFKC-encoded (normalized) UTF-8. No other encoding is allowed. IP address literals must be enclosed in square brackets '[]'. This is in accordance with RFC 3987, Internationalized Resource Identifiers (IRIs).
== Discovering Data ==
The following method will allow browsers to discover which sites a plugin has data for. Note that plugins (but no instances) must be initialized and function tables retrieved in order to call this method.
<pre>
char** NPP_GetSitesWithData(void);
</pre>
This function returns a <code>NULL</code>-terminated list of sites with data. Each site string is a domain as specified above under 'Definition of domain'. Memory for the array and the site strings must be allocated with <code>NPN_MemAlloc</code> and the browser will be responsible for freeing the memory with <code>NPN_MemFree</code>.
== Clearing Data ==


The following method will allow browsers to request that plugins clear data. Note that plugins (but no instances) must be initialized and function tables retrieved in order to call this method.
The following method will allow browsers to request that plugins clear data. Note that plugins (but no instances) must be initialized and function tables retrieved in order to call this method.
Line 18: Line 34:
<pre>
<pre>
NPError NPP_ClearSiteData(
NPError NPP_ClearSiteData(
  PRUint64 flags,        // what type of data to clear
   const char* site,      // site for which to clear data
   const char* site,      // site for which to clear data
   PRUInt64 maxAge        // max. age of information in seconds
   uint64_t flags,        // what type of data to clear
  uint64_t maxAge        // max. age of information in seconds
);
);
</pre>
</pre>


* The <code>site</code> argument is interpreted as follows:
** If <code>NULL</code>, all site-specific data and more generic data on browsing history (for instance, number of sites visited) should be cleared.
** If <code>!NULL</code>, argument is a site string from the discovery API (an exact copy or the original). See above under 'Definition of domain' for the required form of the string. The browser is responsible for allocating and freeing the memory used for this argument. The plugin must copy the string in order to retain it outside the scope of the call.
* The <code>flags</code> argument is a bit mask representing the type(s) of data to clear.
* The <code>flags</code> argument is a bit mask representing the type(s) of data to clear.
<pre>
<pre>
/* NP_CLEAR_ALL: Clear all private data */
#define NP_CLEAR_ALL    0      /* Clear all private data */
#define NP_CLEAR_ALL        0
#define NP_CLEAR_CACHE  1 << 0 /* Clear cached data which can simply be
 
                                  retrieved again as requested. To be used
/* NP_CLEAR_CACHE: Clear cached data which can simply be retrieved again as requested.
                                  out of concern for space and not necessarily
  To be used out of concern for space and not necessarily privacy. */
                                  privacy. */
#define NP_CLEAR_CACHE      1 << 0
 
/* More flags may be defined later, this spec will be updated. */
/* More flags may be defined later, this spec will be updated. */
</pre>
</pre>
* The <code>site</code> argument is interpreted as follows:
** If <code>NULL</code>, all site-specific data and more generic data on browsing history (for instance, number of sites visited) should be cleared.
** If <code>!NULL</code>, argument is a domain per the domain portion of the URI specification but with a requirement for NFKC-normalized UTF-8 encoding. No other encoding is allowed. All sub-domains of the specified domain are to be cleared as well. If a sub-domain is specified only it and its sub-domains are to be cleared. For example, if a browser specifies "b.a.com" then data for "b.a.com" and "c.b.a.com" is to be cleared but data for "a.com" is not to be cleared.
* The <code>maxAge</code> argument is the maximum age in seconds of data to clear, inclusive. If <code>maxAge</code> is <code>0</code>, no data is cleared. If <code>maxAge</code> is the maximum unsigned 64-bit integer, all data is cleared.
* The <code>maxAge</code> argument is the maximum age in seconds of data to clear, inclusive. If <code>maxAge</code> is <code>0</code>, no data is cleared. If <code>maxAge</code> is the maximum unsigned 64-bit integer, all data is cleared.


The following new NPError values will be available for return from <code>NPP_ClearSiteData</code>.
The following new <code>NPError</code> values will be available for return from <code>NPP_ClearSiteData</code>:


<pre>
<pre>
// can't clear by time range
// can't clear by time range
#define NPERR_TIMERANGE_NOT_SUPPORTED (NPERR_BASE + 14)
#define NPERR_TIME_RANGE_NOT_SUPPORTED (NPERR_BASE + 14)
// can't clear by origin
// malformed 'site' string
#define NPERR_LIMITBYORIGIN_NOT_SUPPORTED (NPERR_BASE + 15)
#define NPERR_MALFORMED_SITE (NPERR_BASE + 15)
// malformed 'origin' string
#define NPERR_MALFORMED_ORIGIN (NPERR_BASE + 16)
</pre>
</pre>


Line 54: Line 66:


If site data is in use by an instance of the plugin when <code>NPP_ClearSiteData</code> is called then it is up to the plugin to do the right thing.
If site data is in use by an instance of the plugin when <code>NPP_ClearSiteData</code> is called then it is up to the plugin to do the right thing.
= Open Issues  =
* Do we need a method for discovering what site data the plugin has? Mozilla and Apple have expressed a strong desire for this.


= Notes =
= Notes =


== Overview of current UIs ==
Notes for this specification are [[NPAPI:ClearPrivateDataNotes|here]].
 
{|
! Type || Firefox || IE || Opera || Safari || Chrome
|-
! Browsing History
| yes || yes || yes || yes || yes
|-
! Download History
| yes || yes || yes || yes || yes
|-
! Form History
| yes || yes || ? || yes || yes
|-
!  Search History
| yes || ? || ? || ? || ?
|-
! Cookies
| yes || yes || temporary/all || yes || yes
|-
! Cache
| yes || yes || yes || yes || yes
|-
! Active Logins
| yes || yes || "password manager" || yes || yes
|-
! Site Preferences
| yes || ? || ? || ? || ?
|}
 
In addition, IE has "InPrivate Filtering Data" (what is this?)
 
In addition, Opera has "delete password protected pages and data" and "bookmark visited times".
 
In addition, Safari has "webpage preview images", "website icons" and "top sites"
 
{|
! Parameters || Firefox || IE || Opera || Safari || Chrome
|-
! Time Range
| yes || no || no || no || yes
|-
! By Site
| yes (context menu in history) || ?? || ?? || ?? || ??
|}
 
=== Type of Data ===
 
* things the user enters, except for credentials (form data)
* credentials
* things cached by the UA (pages, preview images, icons)
* local data stored by the server / web application (cookies, HTML5 local storage, Flash/Silverlight local storage)
* history information (bookmarks, visited URIs)
* settings specific to a site (for instance, preferences with respect to privacy, script disabling...)
 
=== Time range ===
 
Several UAs offer to restrict the clear operation to a time range such as "today" or "last week".
 
=== Site/URI ===
 
Firefox supports "forget about this site". Other UAs do not appear to support this.
 
== Existing Discussion and Documentation ==
 
Mail thread on plugin-futures: [https://mail.mozilla.org/private/plugin-futures/2010-January/001150.html https://mail.mozilla.org/private/plugin-futures/2010-January/001150.html]
 
In particular, Lloyd Hilaiel proposed an alternate approach where plugins would store everything in a standard filesystem based layout, so the UA itself can do the clearing. See [https://mail.mozilla.org/private/plugin-futures/2010-January/001156.html https://mail.mozilla.org/private/plugin-futures/2010-January/001156.html]
 
Flash Local Storage: [http://www.macromedia.com/support/documentation/en/flashplayer/help/help02.html http://www.macromedia.com/support/documentation/en/flashplayer/help/help02.html]
 
Firefox issue - clearing local storage with time range: [https://bugzilla.mozilla.org/show_bug.cgi?id=527667 https://bugzilla.mozilla.org/show_bug.cgi?id=527667]
Dwitte
148

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/274906...276191"