W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2012

Re: Moving File API: Directories and System API to Note track?

From: Darin Fisher <darin@chromium.org>
Date: Thu, 20 Sep 2012 14:45:55 -0700
Message-ID: <CAP0-QpsQSyNKOH2E7F=w1vg0b8=QWmVpGBDBv2+TQv9TPOLLvQ@mail.gmail.com>
To: James Graham <jgraham@opera.com>
Cc: Adam Barth <w3c@adambarth.com>, "Edward O'Connor" <eoconnor@apple.com>, public-webapps@w3.org
On Wed, Sep 19, 2012 at 11:50 PM, James Graham <jgraham@opera.com> wrote:

>
>
> On Wed, 19 Sep 2012, Adam Barth wrote:
>
>  On Wed, Sep 19, 2012 at 1:46 PM, James Graham <jgraham@opera.com> wrote:
>>
>>> On Wed, 19 Sep 2012, Edward O'Connor wrote:
>>>
>>>> Olli wrote:
>>>>
>>>>> I think we should discuss about moving File API: Directories and
>>>>> System API from Recommendation track to Note.
>>>>>
>>>>
>>>> Sounds good to me.
>>>>
>>>
>>> Indeed. We are not enthusiastic about implementing an API that has to
>>> traverse directory trees as this has significant technical challenges, or
>>> may expose user's path names, as this has security implications. Also
>>> AIUI
>>> this API is not a good fit for all platforms.
>>>
>>
>> There's nothing in the spec that exposes user paths.  That's just FUD.
>>
>
> I was thinking specifically of the combination of this and Drag and Drop
> and this API. I assumed that at some level one would end up with a bunch on
> Entry objects which seem to expose a path. It then seems that then a user
> who is tricked into dragging their root drive onto a webapp would expose
> all their paths.
>
> It is quite possible that this is a horrible misunderstanding of the spec,
> and if so I apologise. Nevertheless I think it's poor form to immediately
> characterise an error as a deliberate attempt to spread lies.
>
> In any case my central point remains which is that would support this spec
> moving off the Rec. track at this time.
>
>
File path information is already exposed via <input type=file multiple>.

"File names may contain partial paths."
http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#concept-input-type-file-selected

-Darin
Received on Thursday, 20 September 2012 21:46:23 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:54 GMT