
Re: Security evaluation of an example DAP policy

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 19 Nov 2009 16:23:42 -0800
Message-ID: <63df84f0911191623u5691968fn9554443363d0e94a@mail.gmail.com>
To: Marcin Hanclik <Marcin.Hanclik@access-company.com>
Cc: Adam Barth <w3c@adambarth.com>, Maciej Stachowiak <mjs@apple.com>, Robin Berjon <robin@berjon.com>, "public-device-apis@w3.org" <public-device-apis@w3.org>, public-webapps WG <public-webapps@w3.org>
On Thu, Nov 19, 2009 at 4:07 PM, Marcin Hanclik
<Marcin.Hanclik@access-company.com> wrote:
> Hi Adam,
>
> I think that
> <resource-match attr="param:name" func="regexp">/(C|c):\\(.+)\\(.+)/</resource-match>
> should be
> <resource-match attr="param:name" func="regexp">/(C|c):\\([^\\]+)\\.+/</resource-match>
> up to any further bug in the RE.
> Sorry, my problem.
>
> Anyway, the general comment is that the use case is under control based on the current spec.

For what it's worth, I think any API that opened a dialog asking the
user "Do you want to give website X access to directory Y in your file
system" would not be an API we'd be willing to implement in Firefox.
I.e. our security policy would be to always deny such a request (thus
making implementing the API useless for our users).

/ Jonas
Received on Friday, 20 November 2009 00:24:36 GMT
