W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Canvas - toTempURL - A dangerous proposal

From: Charles Pritchard <chuck@jumis.com>
Date: Fri, 27 Mar 2009 17:55:39 -0700
Message-ID: <49CD758B.3050900@jumis.com>
I asked myself the same question, a few minutes after posting my reply.
At this point, I'm really not sure.

My concern is that the string length for a URL may be limited,
somewhere in the platform.

If that's the case, a 1 meg data: url would overwhelm the
mechanism leading to the handler.

But as I've not tested the theory,
I don't have a leg to stand on.


Boris Zbarsky wrote:
> Charles Pritchard wrote:
>> Having thought a little more about it (thank you for the feedback),
>> returning a reference to a custom URL handler (up to the implementation)
>> would resolve the security issues.
>> toTempURL returning...  customHandler://randomData.png [any kind of 
>> reference],
>> would work in the legacy platforms we're targeting, while allowing us 
>> the flexibility
>> of deciding just how to store the data (be it in RAM, or in an 
>> unknown temporary file).
> I guess I'm not clear on one thing: you can add support for 
> customHandler:// to this platform but not support for data: ?
> -Boris
Received on Friday, 27 March 2009 17:55:39 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:48 UTC