W3C defines local Web storage API

The World Wide Web Consortium is moving closer to a local Web storage application programming interface, which will make HTML5 Web-based applications much more powerful.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

HTML5 has reopened the debate about whether Web applications can compete with native applications. Now, with the latest World Wide Web Consortium (W3C)'s Web Application Working Group Web Storage Recommendation HTML5 developers have another powerful tool for creating Web-based programs.

The W3C believes that HTML5 and Web Storage can change how you use your computer. (Credit: W3C)

Web Storage, or Document Object Model (DOM) Storage, enables developers to create HTML5 applications that can rely on persistent client-side data storage. In other words, applications and their users can keep megabytes of data on the user's computer. This storage can be used for documents, spreadsheets, e-mail, and other user materials.

The data is stored in key/value pairs. Once on your machine, this data can only be accessed by the Web application or site that originated it.

That said, as Google's Ian Hickson, the recommendation's editor, points out, "Different authors sharing one host name, for example users hosting content on geocities.com, all share one local storage object. There is no feature to restrict the access by pathname. Authors on shared hosts are therefore recommended to avoid using these features, as it would be trivial for other authors to read the data and overwrite it." Therefore HTML5 programmers using Web storage would be wise to add their own security methods to avoid data corruption or destruction.

You won't be able to use the Web storage API for large documents or data sets. The W3C document recommends that each Web site or service limit the Web Storage data to 5MBs.

The actual amount of local Web Storage on your device varies from Web browser to Web browser and even from version to version. That's still enough to make HTML5 applications much more useful.

In part that's because, unlike some W3C standards, Web Storage has long been supported by Web browser vendors. All of the recent versions of the major Web browsers—Chrome, Firefox, Internet Explorer, Opera, and Safari—already support Web Storage.

Specifically, what this new recommendation brings to the table is two refined and related mechanisms which are similar to HTTP session cookies. They are the sessionStorage attribute and the localStorage attribute.

The sessionStorage attribute is used to add data to a specific Web-page's session storage. Once the page is closed this data is discarded. The second storage mechanism, localStorage is designed for storage that spans multiple windows, and lasts beyond the current session. This would be used by such Web applications as word-processors and spreadsheets.

While HTML5 programmers will find Web Storage quite useful to improve performance, and perhaps enable some functionality when the application isn't connected to the Internet, it still needs work. Hickson specifically mentioned "The use of the storage mutex to avoid race conditions is currently considered by certain implementers to be too high a performance burden, to the point where allowing data corruption is considered preferable." He and the rest of the Web Storage standards crew are looking for "alternatives that do not require a user-agent-wide per-origin script lock." There are also several security concerns which a developer should be aware of before starting to use Web Storage in his or her application.

Related Stories:

Editorial standards