W3C home > Mailing lists > Public > whatwg@whatwg.org > April 2017

Re: [whatwg] Accessing local files with JavaScript portably and securely

From: Jeffrey Yasskin <jyasskin@chromium.org>
Date: Thu, 20 Apr 2017 07:15:21 -0700
Message-ID: <CANh-dXk38QSYRQ2tbK=vvijv4PB9Wc9aPk2Ck340GQT7ZtKFsw@mail.gmail.com>
To: Philipp Serafin <phil127@gmail.com>
Cc: whatwg@lists.whatwg.org
On Sat, Apr 15, 2017 at 6:09 AM, Philipp Serafin <phil127@gmail.com> wrote:

> If I see this correctly, we're currently talking about two different
> use-cases for file/directory access:
>
> 1) …
>
> 2) Loading (parts of) the app itself from a local filesystem, possibly
> without any network access being available at all (the CD rom example).
>
> Maybe the security would be easier to handle if dealt with both use-cases
> separately. I think both use-cases have different requirements,
> non-requirements and "prior art":
>
> 1) …
>
> 2) sounds like an extension of offline apps to me. Maybe this could be
> solved by defining some kind of package format for service workers and
> cached resources, so service workers can be installed without any network
> access.
>

FWIW, we're working on such a packaging format in
https://github.com/dimich-g/webpackage. It's still early, and we haven't
yet described how to do things like check certificate and package
revocation, but it's got the overall direction we're thinking about.

Jeffrey
Received on Thursday, 20 April 2017 14:16:40 UTC

This archive was generated by hypermail 2.3.1 : Thursday, 20 April 2017 14:16:41 UTC