NPAPI:ClearSiteData

From MozillaWiki
Revision as of 20:59, 25 December 2010 by Josh (talk | contribs)

Status

Under consideration.

Contributors

  • Last modified: December 25, 2010
  • Authors: Julian Reschke (greenbytes), Dan Witte (Mozilla), Bernhard Bauer (Chromium), Rajesh Gwalani (Adobe), Josh Aas (Mozilla), Maciej Stachowiak (Apple)

Overview

Allows browsers to discover and clear plugin private data.

Specification

Discovering Data

The following method will allow browsers to discover which sites a plugin has data for. Note that plugins (but no instances) must be initialized and function tables retrieved in order to call this method.

char** NPP_GetSitesWithData();

This function returns a NULL-terminated list of sites with data. Each site string is a domain per the domain portion of the URI specification but with a requirement for NFKC-normalized UTF-8 encoding. No other encoding is allowed. Memory for site strings must be allocated with NPN_MemAlloc and the browser will be responsible for freeing the memory with NPN_MemFree.

Clearing Data

The following method will allow browsers to request that plugins clear data. Note that plugins (but no instances) must be initialized and function tables retrieved in order to call this method.

NPError NPP_ClearSiteData(
   const char* site,       // site for which to clear data
   PRUint64 flags,         // what type of data to clear
   PRUint64 maxAge         // max. age of information in seconds
);
  • The site argument is interpreted as follows:
    • If NULL, all site-specific data and more generic data on browsing history (for instance, number of sites visited) should be cleared.
    • If !NULL, argument is a site string from the discovery API (an exact copy or the original). The browser is responsible for allocating and freeing the memory used for this argument. The plugin must copy the string in order to retain it outside the scope of the call.
  • The flags argument is a bit mask representing the type(s) of data to clear.
#define NP_CLEAR_ALL     0      /* Clear all private data */
#define NP_CLEAR_CACHE   (1 << 0) /* Clear cached data which can simply be
                                     retrieved again as requested. To be used
                                     out of concern for space and not necessarily
                                     privacy. */
/* More flags may be defined later, this spec will be updated. */
  • The maxAge argument is the maximum age in seconds of data to clear, inclusive. If maxAge is 0, no data is cleared. If maxAge is the maximum unsigned 64-bit integer, all data is cleared.

The following new NPError values will be available for return from NPP_ClearSiteData:

// can't clear by time range
#define NPERR_TIME_RANGE_NOT_SUPPORTED (NPERR_BASE + 14)
// malformed 'site' string
#define NPERR_MALFORMED_SITE (NPERR_BASE + 15)

For any other type of error the plugin must return NPERR_GENERIC_ERROR.

If site data is in use by an instance of the plugin when NPP_ClearSiteData is called then it is up to the plugin to do the right thing.
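The argument rules above, worked through on the plugin side as an added example (not part of the specification or of any plugin's code). The names clear_site_data, site_is_malformed and store, the injected now parameter and the cleared out-parameter are hypothetical, and the typedef and macros stand in for npapi.h.

```c
#include <stdint.h>
#include <string.h>

/* Stand-ins for npapi.h so this compiles alone. The flag values and
   NPERR_MALFORMED_SITE are the ones given on this page. */
typedef int16_t NPError;
#define NPERR_BASE 0
#define NPERR_NO_ERROR (NPERR_BASE + 0)
#define NPERR_MALFORMED_SITE (NPERR_BASE + 15)
#define NP_CLEAR_ALL 0
#define NP_CLEAR_CACHE (1 << 0)

/* Constructed sample store; stored_at is a timestamp in seconds. */
struct record { const char *site; uint64_t kind, stored_at; int live; };
static struct record store[] = {
    { "example.com", NP_CLEAR_CACHE, 900, 1 }, /* cache, 100 s old at now=1000 */
    { "example.com", 0,              400, 1 }, /* private, 600 s old */
    { "example.org", NP_CLEAR_CACHE, 990, 1 }, /* cache, 10 s old */
};
#define NRECORDS (sizeof store / sizeof store[0])

/* Simplified check (assumption): rejects empty strings and URI parts a
   bare domain never contains. It does not validate NFKC normalization. */
static int site_is_malformed(const char *s) {
    return *s == '\0' || strpbrk(s, "/:@ ") != NULL;
}

/* Hypothetical core of NPP_ClearSiteData. 'now' is injected so the age
   arithmetic is deterministic; *cleared reports how many records went. */
NPError clear_site_data(const char *site, uint64_t flags, uint64_t maxAge,
                        uint64_t now, int *cleared) {
    *cleared = 0;
    if (site != NULL && site_is_malformed(site))
        return NPERR_MALFORMED_SITE;
    if (maxAge == 0)
        return NPERR_NO_ERROR;               /* maxAge 0: no data is cleared */
    for (size_t i = 0; i < NRECORDS; i++) {
        struct record *r = &store[i];
        /* A timestamp ahead of 'now' (clock skew) counts as age 0. */
        uint64_t age = now > r->stored_at ? now - r->stored_at : 0;
        if (!r->live) continue;
        if (site != NULL && strcmp(site, r->site) != 0) continue; /* NULL: all sites */
        if (flags != NP_CLEAR_ALL && !(r->kind & flags)) continue;
        if (age > maxAge) continue;  /* inclusive; never true for UINT64_MAX */
        r->live = 0;
        (*cleared)++;
    }
    return NPERR_NO_ERROR;
}
```

NP_CLEAR_ALL is 0, so it has to be compared for equality rather than tested as a bit; a plain `kind & flags` test would match nothing when the browser asks for all private data.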

Open Issues

  • None.

Notes

Overview of current UIs

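| Type             | Firefox | IE  | Opera              | Safari | Chrome |
|------------------|---------|-----|--------------------|--------|--------|
| Browsing History | yes     | yes | yes                | yes    | yes    |
| Download History | yes     | yes | yes                | yes    | yes    |
| Form History     | yes     | yes | ?                  | yes    | yes    |
| Search History   | yes     | ?   | ?                  | ?      | ?      |
| Cookies          | yes     | yes | temporary/all      | yes    | yes    |
| Cache            | yes     | yes | yes                | yes    | yes    |
| Active Logins    | yes     | yes | "password manager" | yes    | yes    |
| Site Preferences | yes     | ?   | ?                  | ?      | ?      |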

In addition, IE has "InPrivate Filtering Data" (what is this?)

In addition, Opera has "delete password protected pages and data" and "bookmark visited times".

In addition, Safari has "webpage preview images", "website icons" and "top sites".

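| Parameters | Firefox                       | IE | Opera | Safari | Chrome |
|------------|-------------------------------|----|-------|--------|--------|
| Time Range | yes                           | no | no    | no     | yes    |
| By Site    | yes (context menu in history) | ?? | ??    | ??     | ??     |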

Type of Data

  • things the user enters, except for credentials (form data)
  • credentials
  • things cached by the UA (pages, preview images, icons)
  • local data stored by the server / web application (cookies, HTML5 local storage, Flash/Silverlight local storage)
  • history information (bookmarks, visited URIs)
  • settings specific to a site (for instance, preferences with respect to privacy, script disabling...)

Time range

Several UAs offer to restrict the clear operation to a time range such as "today" or "last week".

Site/URI

Firefox supports "forget about this site". Other UAs do not appear to support this.

Existing Discussion and Documentation

Mail thread on plugin-futures: https://mail.mozilla.org/private/plugin-futures/2010-January/001150.html

In particular, Lloyd Hilaiel proposed an alternate approach where plugins would store everything in a standard filesystem based layout, so the UA itself can do the clearing. See https://mail.mozilla.org/private/plugin-futures/2010-January/001156.html

Flash Local Storage: http://www.macromedia.com/support/documentation/en/flashplayer/help/help02.html

Firefox issue - clearing local storage with time range: https://bugzilla.mozilla.org/show_bug.cgi?id=527667