W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2011

[FileSystem]: URI format, uses

From: Eric Uhrhane <ericu@google.com>
Date: Fri, 21 Jan 2011 15:12:51 -0800
Message-ID: <AANLkTimNBWSqu6XJ8YsxSYPBuEZR-JuKto0nj9H63bEL@mail.gmail.com>
To: Web Applications Working Group WG <public-webapps@w3.org>
The Entry.toURI method specified in the FileSystem spec [1] currently
has an open issue to define its format.  I believe we also need to
describe the ways in which it can and cannot be used, as some
potential uses may have security implications.

I propose the following format:

filesystem:{protocol}://{domain}[:port]/{storage type}/{path}

e.g. filesystem:https://www.google.com/persistent/images/logo.png

I think that, for the domain that owns the asset referred to by the
URI, pretty much any reasonable use should be allowed:
video/audio/img/iframe/script sources, XHR [GET only], etc.  I'm
iffier on allowing any access to other origins, even for e.g. img
sources, even though they're normally allowed cross-origin.  I'd love
to hear security arguments against and use cases for cross-origin
access.  Of course, it's always easiest/safest to start out not
allowing such a thing and relax the rules later.

Thanks in advance for any comments.

     Eric Uhrhane

[1] http://dev.w3.org/2009/dap/file-system/file-dir-sys.html#widl-Entry-toURI
Received on Friday, 21 January 2011 23:13:38 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:29 UTC