NPAPI:ClearSiteData

Status

(work in progress)

Problem Summary

In short: let the UA's "clear cookies" function also clear Flash's local storage.

More precisely: delegate calls to the UA's "clear privacy information" function to plugins, allowing them to clean up their locally stored data as well.

Overview of current UIs

Type             | Firefox | IE  | Opera              | Safari | Chrome
Browsing History | yes     | yes | yes                | yes    | yes
Download History | yes     | yes | yes                | yes    | yes
Form History     | yes     | yes | ?                  | yes    | yes
Search History   | yes     | ?   | ?                  | ?      | ?
Cookies          | yes     | yes | temporary/all      | yes    | yes
Cache            | yes     | yes | yes                | yes    | yes
Active Logins    | yes     | yes | "password manager" | yes    | yes
Site Preferences | yes     | ?   | ?                  | ?      | ?

In addition, IE has "InPrivate Filtering Data" (what is this?)

In addition, Opera has "delete password protected pages and data" and "bookmark visited times".

In addition, Safari has "webpage preview images", "website icons" and "top sites".

Parameters | Firefox                       | IE | Opera | Safari | Chrome
Time Range | yes                           | no | no    | no     | yes
By Site    | yes (context menu in history) | ?? | ??    | ??     | ??

Existing Discussion and Documentation

Mail thread on plugin-futures: https://mail.mozilla.org/private/plugin-futures/2010-January/001150.html

In particular, Lloyd Hilaiel proposed an alternate approach where plugins would store everything in a standard filesystem based layout, so the UA itself can do the clearing. See https://mail.mozilla.org/private/plugin-futures/2010-January/001156.html

Flash Local Storage: http://www.macromedia.com/support/documentation/en/flashplayer/help/help02.html

Firefox issue - clearing local storage with time range: https://bugzilla.mozilla.org/show_bug.cgi?id=527667

API Requirements

Clearing Privacy Data needs to be independent of whether the plugin is currently instantiated.

Type of Data

Flags:

  • things the user enters, except for credentials (form data)
  • credentials
  • things cached by the UA (pages, preview images, icons)
  • local data stored by the server / web application (cookies, HTML5 local storage, Flash/Silverlight local storage)
  • history information (bookmarks, visited URIs)
  • settings specific to a site (for instance, preferences with respect to privacy, script disabling...)

Time range

Several UAs offer to restrict the clear operation to a time range such as "today" or "last week".

In the API, this can be exposed as "last N minutes", or something like that.

We need to allow plugins to signal that they can't clear by time range, though.

(Return code, plus discoverability beforehand?)

Site/URI

Firefox supports "forget about this site". Other UAs do not appear to support this.

Should it be part of the API? If so, what format?

Current Proposal

  • Last modified: April 16, 2010
  • Author: Julian Reschke (greenbytes)

The current proposal is to add a new method, providing the new functionality:

NPError NPN_ClearPrivacyData(
  NPP instance,
  PRUint64 flags,     // what type of data to clear
  const char* site,   // limit to site
  int maxAge          // max. age of information in seconds
);

New NPError codes:

// can't clear by time range
#define NPERR_TIMERANGE_NOT_SUPPORTED (NPERR_BASE + mm)
// can't clear by domain/site
#define NPERR_LIMITBYSITE_NOT_SUPPORTED (NPERR_BASE + nn)

Open Issues

  • Do we need a discovery method?
  • Should it be possible to clear all types with a single call? In that case the flags should be passed as a bit set; this would also allow a forwards-compatible "delete-all".
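
A model of how a plugin could honour the flags, site and maxAge arguments of the proposed call, added here as an example; it is not part of the proposal or of any NPAPI header. The flag bits, the error number 100, the record store, and the conventions that a NULL site means all sites and a non-positive max age means no limit are assumptions, and the instance argument is left out in line with the requirement that clearing works without an instantiated plugin.

```c
#include <stdint.h>
#include <string.h>

typedef int16_t NPError;                    /* stand-in for the NPAPI type */
#define NPERR_BASE     0
#define NPERR_NO_ERROR (NPERR_BASE + 0)
/* Placeholder number: the proposal leaves it as NPERR_BASE + mm. */
#define NPERR_TIMERANGE_NOT_SUPPORTED (NPERR_BASE + 100)
/* Hypothetical flag bits for two entries of the "Type of Data" list. */
#define CLEAR_SITE_STORAGE ((uint64_t)1 << 3)
#define CLEAR_SITE_PREFS   ((uint64_t)1 << 5)
#define CLEAR_ALL          (~(uint64_t)0)   /* forwards-compatible "delete-all" */

typedef struct {
    const char *site;  /* site that stored the record */
    uint64_t kind;     /* exactly one CLEAR_* bit */
    long age;          /* seconds since last write, -1 if not tracked */
    int live;          /* 1 until cleared */
} Record;

/* Constructed sample store; the last record carries no timestamp. */
static Record store[] = {
    { "a.example", CLEAR_SITE_STORAGE,   60, 1 },
    { "a.example", CLEAR_SITE_STORAGE, 7200, 1 },
    { "b.example", CLEAR_SITE_PREFS,    300, 1 },
    { "b.example", CLEAR_SITE_STORAGE,   -1, 1 },
};
#define STORE_LEN (sizeof store / sizeof store[0])

static int matches(const Record *r, uint64_t flags, const char *site)
{
    return r->live && (r->kind & flags) != 0 &&
           (site == NULL || strcmp(r->site, site) == 0);
}

/* Assumptions: site == NULL means all sites, max_age <= 0 means no limit.
 * If the time limit cannot be honoured, report it and delete nothing. */
NPError clear_privacy_data(uint64_t flags, const char *site, int max_age)
{
    for (size_t i = 0; max_age > 0 && i < STORE_LEN; i++)  /* validate first */
        if (matches(&store[i], flags, site) && store[i].age < 0)
            return NPERR_TIMERANGE_NOT_SUPPORTED;
    for (size_t i = 0; i < STORE_LEN; i++)
        if (matches(&store[i], flags, site) &&
            (max_age <= 0 || store[i].age <= max_age))
            store[i].live = 0;
    return NPERR_NO_ERROR;
}
```

Rejecting the call before anything is deleted means the UA never reports a time-limited clear as done while untimestamped plugin data remains, and it can then decide how to proceed.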