W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Canvas - toTempURL - A dangerous proposal

From: Charles Pritchard <chuck@jumis.com>
Date: Fri, 27 Mar 2009 17:55:39 -0700
Message-ID: <49CD758B.3050900@jumis.com>
I asked myself the same question, a few minutes after posting my reply.
At this point, I'm really not sure.

My concern is that the string length for a URL may be limited,
somewhere in the platform.

If that's the case, a 1 meg data: url would overwhelm the
mechanism leading to the handler.

But as I've not tested the theory,
I don't have a leg to stand on.

-Charles

Boris Zbarsky wrote:
> Charles Pritchard wrote:
>> Having thought a little more about it (thank you for the feedback),
>> returning a reference to a custom URL handler (up to the implementation)
>> would resolve the security issues.
>>
>> toTempURL returning...  customHandler://randomData.png [any kind of 
>> reference],
>> would work in the legacy platforms we're targeting, while allowing us 
>> the flexibility
>> of deciding just how to store the data (be it in RAM, or in an 
>> unknown temporary file).
>
> I guess I'm not clear on one thing: you can add support for 
> customHandler:// to this platform but not support for data: ?
>
> -Boris
Received on Friday, 27 March 2009 17:55:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:49 GMT