Re: Updates to File API

On Wed, Jun 2, 2010 at 5:26 PM, Arun Ranganathan <arun@mozilla.com> wrote:
> On 6/2/10 5:06 PM, Jian Li wrote:
>>
>> Hi, Arun,
>>
>> I have one question regarding the scheme for Blob.url. The latest spec
>> says
>> that "The proposed URL scheme is filedata:. Mozilla already ships with
>> moz-filedata:". Since the URL is now part of the Blob and it could be used
>> to refer to both file data blob and binary data blob, should we consider
>> making the scheme as "blobdata:" for better generalization? In addition,
>> we're thinking it will probably be a good practice to encode the security
>> origin in the blob URL scheme, like blobdata:
>> http://example.com/33c6401f-8779-4ea2-9a9b-1b725d6cd50b. This will make
>> doing the security origin check easier when a page tries to access the
>> blob
>> url that is created in another process, under multi-process architecture.
>>
>
> This is a good suggestion.  I particularly like the idea of encoding the
> origin as part of the scheme.

Though we want to avoid introducing the concept of nested schemes to
the web. While mozilla already uses nested schemes (jar:http://...
and  view-source:http://...) I know others, in particular Apple, have
expressed a dislike for this in the past. And with good reason, it's
not easy to implement and has been a source of numerous security bugs.
That said, it's certainly possible.

/ Jonas

Received on Thursday, 3 June 2010 00:36:30 UTC