NPAPI:ClearSiteData
Status
(work in progress)
Problem Summary
In short: let the UA's "clear cookies" function also clear Flash's local storage.
More precisely: delegate calls to the UAs "clear privacy information" to plugins, allowing them to clean up their locally stored data as well.
Overview of current UIs
| Type | Firefox | IE | Opera | Safari | Chrome |
|---|---|---|---|---|---|
| Browsing History | yes | yes | yes | yes | yes |
| Download History | yes | yes | yes | yes | yes |
| Form History | yes | yes | ? | yes | yes |
| Search History | yes | ? | ? | ? | ? |
| Cookies | yes | yes | temporary/all | yes | yes |
| Cache | yes | yes | yes | yes | yes |
| Active Logins | yes | yes | "password manager" | yes | yes |
| Site Preferences | yes | ? | ? | ? | ? |
In addition, IE has "InPrivate Filtering Data" (what is this?)
In addition, Opera has "delete password protected pages and data" and "bookmark visited times".
In addition, Safari has "webpage preview images", "website icons" and "top sites"
| Parameters | Firefox | IE | Opera | Safari | Chrome |
|---|---|---|---|---|---|
| Time Range | yes | no | no | no | yes |
| By Site | yes (context menu in history) | ?? | ?? | ?? | ?? |
Existing Discussion and Documentation
Mail thread on plugin-futures: https://mail.mozilla.org/private/plugin-futures/2010-January/001150.html
In particular, Lloyd Hilaiel proposed an alternate approach where plugins would store everything in a standard filesystem based layout, so the UA itself can do the clearing. See https://mail.mozilla.org/private/plugin-futures/2010-January/001156.html
Flash Local Storage: http://www.macromedia.com/support/documentation/en/flashplayer/help/help02.html
Firefox issue - clearing local storage with time range: https://bugzilla.mozilla.org/show_bug.cgi?id=527667
API Requirements
Clearing Privacy Data needs to be independent of whether the plugin is currently instantiated.
Type of Data
Flags:
- things the user enters, except for credentials (form data)
- credentials
- things cached by the UA (pages, preview images, icons)
- local data stored by the server / web application (cookies, HTML5 local storage, Flash/Silverlight local storage)
- history information (bookmarks, visited URIs)
- settings specific to a site (for instance, preferences with respect to privacy, script disabling...)
Time range
Several UAs offer to restrict the clear operation to a time range such as "today" or "last week".
In the API, this can be exposed as "last N minutes", or something like that.
We need to allow plugins to signal that they can't clear by time range, though.
(Return code, plus discoverability beforehand?)
Site/URI
Firefox supports "forget about this site". Other UAs do not appear to support this.
Should it be part of the API? If so, what format?
Current Proposal
- Last modified: April 16, 2010
- Author: Julian Reschke (greenbytes)
The current proposal is to add a new method, providing the new functionality:
NPError NPN_ClearPrivacyData( NPP instance, PRUint64 flags, // what type of data to clear const char* site, // limit to site int maxAge // max. age of information in seconds );
New NPError codes:
// can't clear by time range #define NPERR_TIMERANGE_NOT_SUPPORTED (NPERR_BASE + mm) // can't clear by domain/site #define NPERR_LIMITBYSITE_NOT_SUPPORTED (NPERR_BASE + nn)
Open Issues
- Do we need a discovery method?
- Should it be possible to clear all types with a single call? In which case the flags should be passed as bit set; this would also allow a forwards-compatible "delete-all"