Re: Use Cases and Requirements for Saving Files Securely

On Mon, Nov 2, 2009 at 12:48 PM, Doug Schepers <schepers@w3.org> wrote:
> Hi, Folks-
>
> During the TPAC joint meeting between the WebApps and DAP WGs, we discussed
> security policies and use cases and requirements around saving files in
> different scenarios: public web resources (web pages and apps), widgets,
> mobile device and desktop browsers, locally-installed applications, etc. [1]
>
> To kick this thread off, I'd like to suggest the trust model that already
> exists for local applications and browsers, which is to open a modal dialog
> that allows the user to select the file the application can save to; for
> webapps, I suggest the extra security consideration we add is to have the
> file hook which is returned be completely opaque (as far as the directory
> and file name) to the web app, and it just knows where to write.  Further,
> we should limit the upper bounds of the file size. I don't have any thoughts
> about auto-save across sessions, but it should be addressed (probably not
> allowed).
>
> This could be evoked through the UI convention of a file dialog, or just as
> a bare API (if the user preferences allow the API to ask about saving
> files).  In any case, it should never be a "cool" webapp-specific file API
> dialog, only ever the native dialog of the browser (be it a desktop or
> mobile).
>
> Please send in use cases, requirements, concerns, and concrete suggestions
> about the general topic (regardless of your opinion about my suggestion).
>
> [1] http://www.w3.org/2009/11/02-dap-irc#T20-40-39-1

It seems to me that there were (at least) two types of 'save' features
being discussed today.

1. The ability for something like google docs to bring up a "save as"
dialog to save the document in a user chosen location.
2. The ability for pages to write to a virtual filesystem using a
location and name picked by the page.

It sounds like you are primarily referring to the first of these, is
that a correct understanding?

I agree that this seems like a good place to start. You can actually
do this already, although it's far from elegant:

// Create a link whose target is a data: URL, then click it programmatically.
var a = document.createElement('a');
document.body.appendChild(a);
a.href = "data:application/octet-stream;base64,...";
a.click();

I believe that will bring up the standard browser save-as dialog.
Obviously it would be nice to have something better than that. I think
what we need is:

* A way to create a Blob object based on data created by the page.
* An API that given a Blob shows a "save file as" dialog to the user.

I think the former is something we'll need anyway, and once we have
that the latter is an easy addition.

/ Jonas

Received on Tuesday, 3 November 2009 07:02:47 UTC
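
The trust model proposed in the quoted message (a file hook that is opaque to the web app, plus an upper bound on file size), sketched as an added example that is not part of the original thread. `createSaveHandle`, the `Map` standing in for the disk, and the sample path are hypothetical and do not correspond to any real browser API.

```javascript
// Hypothetical model of the proposed trust boundary; not a real browser API.
// createSaveHandle runs on the user agent side, after the native dialog returned a path.
function createSaveHandle(userChosenPath, maxBytes, storage) {
  let written = 0;
  let closed = false;
  const chunks = [];
  // Only write/close are handed to the page; the path never leaves this closure.
  return Object.freeze({
    write(bytes) {
      if (closed) throw new Error("handle is closed");
      if (!(bytes instanceof Uint8Array)) throw new TypeError("expected Uint8Array");
      if (written + bytes.length > maxBytes) {
        throw new RangeError("write would exceed the size limit");
      }
      chunks.push(Uint8Array.from(bytes)); // copy, so later mutation by the page is ignored
      written += bytes.length;
      return written;
    },
    close() {
      if (closed) return;
      closed = true;
      const out = new Uint8Array(written);
      let offset = 0;
      for (const c of chunks) { out.set(c, offset); offset += c.length; }
      storage.set(userChosenPath, out); // commit once, to the location the user picked
    },
  });
}

// Constructed walk-through: the "page" only ever sees `handle`.
function demo() {
  const disk = new Map();                       // stand-in for the file system
  const path = "/home/alice/report.txt";        // constructed sample path
  const handle = createSaveHandle(path, 16, disk);
  const enc = new TextEncoder();
  handle.write(enc.encode("hello "));
  handle.write(enc.encode("world"));            // 11 bytes so far, cap is 16
  let overLimitRejected = false;
  try { handle.write(new Uint8Array(6)); } catch (e) { overLimitRejected = e instanceof RangeError; }
  handle.close();
  return {
    exposed: Object.keys(handle),               // what the page can enumerate
    leaksPath: JSON.stringify(handle).includes("alice"),
    overLimitRejected,
    saved: new TextDecoder().decode(disk.get(path)),
  };
}

console.log(demo());
```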