W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2010

Re: Updates to File API

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 2 Jun 2010 17:35:29 -0700
Message-ID: <AANLkTikx3UdRXWGapXjV9xfSYcVlfasRAodxYTE5Acpr@mail.gmail.com>
To: arun@mozilla.com
Cc: Jian Li <jianli@chromium.org>, Web Applications Working Group WG <public-webapps@w3.org>, public-device-apis <public-device-apis@w3.org>
On Wed, Jun 2, 2010 at 5:26 PM, Arun Ranganathan <arun@mozilla.com> wrote:
> On 6/2/10 5:06 PM, Jian Li wrote:
>>
>> Hi, Arun,
>>
>> I have one question regarding the scheme for Blob.url. The latest spec
>> says
>> that "The proposed URL scheme is filedata:. Mozilla already ships with
>> moz-filedata:". Since the URL is now part of the Blob and it could be used
>> to refer to both file data blob and binary data blob, should we consider
>> making the scheme as "blobdata:" for better generalization? In addition,
>> we're thinking it will probably be a good practice to encode the security
>> origin in the blob URL scheme, like blobdata:
>> http://example.com/33c6401f-8779-4ea2-9a9b-1b725d6cd50b. This will make
>> doing the security origin check easier when a page tries to access the
>> blob
>> url that is created in another process, under multi-process architecture.
>>
>
> This is a good suggestion.  I particularly like the idea of encoding the
> origin as part of the scheme.

Though we want to avoid introducing the concept of nested schemes to
the web. While mozilla already uses nested schemes (jar:http://...
and  view-source:http://...) I know others, in particular Apple, have
expressed a dislike for this in the past. And with good reason, it's
not easy to implement and has been a source of numerous security bugs.
That said, it's certainly possible.

/ Jonas
Received on Thursday, 3 June 2010 00:36:30 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:38 GMT