On May 8, 2008, at 1:18 AM, Arve Bersvendsen wrote: > On Wed, 07 May 2008 20:57:25 +0100, Maciej Stachowiak > <mjs@apple.com> wrote: > >> They both said that this proposal was only meant for things like >> widgets, and agreed with my assessment that it would be a giant >> security hole if exposed to web content. > > Without commenting further: Yes, in its current incarnation it > raises security concerns, but what I meant to say was more "Our > primary use case, and concerns that we have put into the initial > proposal are centered around locally installed web applications, aka > widgets". > > I would not exclude making a subset of the proposal available to web > applications though. Note that the current proposal speaks of > FileStreams -- ideally, these should be generic IOStreams, and > should apply to other protocols than "mountpoint" or "file". Think > scratch areas, webdav/svn integration, file upload with folder watch > (but the method of doing so would have to be well-defined and more > secure). The initial proposal is not meant to cover this, but a > properly worked out, future revision could cover both. I would be happy to review a proposal that is intended for Web content, once one is available. Regards, MaciejReceived on Thursday, 8 May 2008 09:52:00 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 8 May 2008 09:52:00 GMT