W3C home > Mailing lists > Public > public-appformats@w3.org > November 2007

Re: Long File Names and Widgets

From: Marcos Caceres <marcosscaceres@gmail.com>
Date: Fri, 23 Nov 2007 15:07:08 +1000
Message-ID: <b21a10670711222107m6485a8b6w99354ae5625f15c9@mail.gmail.com>
To: "Bjoern Hoehrmann" <derhoermi@gmx.net>
Cc: "public-appformats@w3.org" <public-appformats@w3.org>
> I would expect, in any case, the specification to warn against giving
> possibly untrusted content control over the names of files on the disk.
> There are the obvious portability issues concerning lenth restrictions
> and usable characters but also security issues with special characters,
> special file names, special files and other things, as an implementer,
> I would certainly try hard to avoid simply extracting an archive file
> to disk.

Exactly.  However, this is not current practice with a least yahoo! widgets
and Windows Vista Sidebar... both decompress widgets straight to the hard
drive. Still need to do more testing to see what others do. I'll draft some
warning text as you suggested. If you have any further comments on the text
I sent yesterday regarding ASCII paths [1] I would really like to hear them.

Kind regards,

[1] http://lists.w3.org/Archives/Public/public-appformats/2007Nov/0032.html

Marcos Caceres
Received on Friday, 23 November 2007 05:07:27 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:56:20 UTC