W3C home > Mailing lists > Public > public-webapi@w3.org > May 2008

Re: File IO...

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 07 May 2008 14:33:18 -0500
Message-ID: <482203FE.6050705@mit.edu>
To: Scott Shattuck <idearat@mindspring.com>
CC: "Web API WG (public)" <public-webapi@w3.org>

Scott Shattuck wrote:
>> 1) The script is running at a file:// URI
> 
> I believe it's key that future specification work keep in mind that this 
> isn't the rare case it used to be, it's one definition of "run offline". 

While true, note that Gecko also supports actual running offline of http URIs, 
where you actually have a hostname to use for security checks.  This seems like 
a bette way forward to me, if at all possible.

The fundamental problem with using file:// as you describe is the lack of such 
compartmentalization.  Gecko 1.9 will try to sandbox files from each other 
somewhat, but it's likely to not be perfect and likely to break some attempts to 
"use the browser as a file-launched VM".

> it's also important to maintain
> the ability of enterprises and others to create file-launched 
> applications that are simply leveraging the browser as an 
> easier-to-develop for VM.

This is why you can call enablePrivilege from file:// right now...

I guess I'm not sure how your point relates to the text you quoted, other than 
as agreement with that exception to the general "can't prompt" policy.

-Boris
Received on Wednesday, 7 May 2008 19:34:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 7 May 2008 19:34:06 GMT