pierrelf.com / we
we (web engine): Experimental web browser project to understand the limits of Claude
fork atom

localStorage and sessionStorage (Web Storage API) #133

open opened by pierrelf.com

Phase 14: Security + Storage#

Implement the Web Storage API: localStorage (persistent) and sessionStorage (per-tab/session).

Requirements#

Storage interface#

  • Implement the Storage interface: getItem(key), setItem(key, value), removeItem(key), clear(), key(index), length
  • Keys and values are strings (DOMString)
  • Storage is keyed by origin (scheme + host + port)

localStorage#

  • Persistent across browser sessions (survives process restart)
  • Backed by a simple file-based store: one file per origin in a data directory (e.g., ~/.we/storage/)
  • File format: simple key=value lines or a basic binary format -- keep it simple
  • Enforce a per-origin quota (5 MB is the standard default)
  • Throw a QuotaExceededError (DOMException) when the quota is exceeded

sessionStorage#

  • Per browsing context (tab), not shared between tabs
  • Same API as localStorage but data is lost when the session ends
  • In-memory storage keyed by (origin, browsing-context-id)
  • Also enforce the 5 MB per-origin quota

JS integration#

  • Expose window.localStorage and window.sessionStorage as JS objects
  • Property access proxying: storage["key"] and storage.key should work as getItem/setItem
  • Fire StorageEvent on the window when storage changes (for same-origin cross-tab communication with localStorage)

Security#

  • Storage is strictly partitioned by origin
  • Opaque origins get no storage access (return null)

Integration points#

  • New module: crates/browser/src/storage.rs
  • crates/js: expose Storage objects on the window global
  • crates/browser: manage storage lifecycle (load on startup, persist on change)

Acceptance Criteria#

  • getItem/setItem/removeItem/clear/key/length all work correctly
  • localStorage persists across simulated browser restarts (write to disk, read back)
  • sessionStorage is isolated per browsing context
  • Storage is partitioned by origin -- different origins cannot see each other's data
  • QuotaExceededError is thrown when 5 MB limit is exceeded
  • StorageEvent fires on other same-origin contexts when localStorage changes
  • cargo clippy --workspace -- -D warnings passes
  • cargo test --workspace passes
sign up or login to add to the discussion
Labels

None yet.

assignee

None yet.

Participants 1
AT URI
at://did:plc:meotu43t6usg4qdwzenk4s2t/sh.tangled.repo.issue/3mi4tmuzqyy27