W3C home > Mailing lists > Public > public-html@w3.org > April 2007

Re: Proposal to Adopt HTML5 -- procedural issue

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 10 Apr 2007 23:27:09 -0700
Message-Id: <2605AE99-2CF5-493E-BEBD-AD51122619EB@apple.com>
Cc: Dan Connolly <connolly@w3.org>, HTML WG <public-html@w3.org>, Håkon Wium Lie <howcome@opera.com>, Brendan Eich <brendan@mozilla.org>, "L. David Baron" <dbaron@dbaron.org>, David Hyatt <hyatt@apple.com>, lbolstad@opera.com
To: "Dailey, David P." <david.dailey@sru.edu>


On Apr 10, 2007, at 8:10 PM, Dailey, David P. wrote:

> * Okay I guess I have to reveal the dumb question after all: does  
> WHATWG allow for writing files client side? I see there is a super- 
> cookie thing of some sort (the Storage interface), but I'm thinking  
> of execCommand('SaveAs',false, '.txt') that was (is?) available in  
> IE. About seven years ago I put together a little web app using VML  
> (IE only) http://srufaculty.sru.edu/david.dailey/grapher/ -- the  
> utility of being able to save files to the client (or open them)  
> should be relatively self-evident. Reading files client-side was a  
> mess, but writing was fairly straightforward with an ActiveX  
> thingy.  (do a google search: reading files javascript)

I think this would be a security risk unless there were careful  
restrictions on where saved files could go, whether the client can  
overwrite, and who can read saved files. It does sound useful but it  
is hard to navigate the security issues.

Regards,
Maciej
Received on Wednesday, 11 April 2007 06:28:50 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:38:42 UTC