W3C home > Mailing lists > Public > public-device-apis@w3.org > November 2009

(wrong string) ‚€œFile API‚€ to ‚€œFileReader API‚€?

From: Eric Uhrhane <ericu@google.com>
Date: Wed, 11 Nov 2009 15:57:24 -0800
Message-ID: <44b058fe0911111557m77838a62x6675f5d2c4cc1334@mail.gmail.com>
To: Maciej Stachowiak <mjs@apple.com>
Cc: Arve Bersvendsen <arveb@opera.com>, Robin Berjon <robin@berjon.com>, public-device-apis@w3.org, public-webapps WG <public-webapps@w3.org>
On Wed, Nov 11, 2009 at 12:44 AM, Maciej Stachowiak <mjs@apple.com> wrote:
> On Nov 11, 2009, at 12:36 AM, Arve Bersvendsen wrote:
>> On Wed, 11 Nov 2009 02:47:50 +0100, Maciej Stachowiak <mjs@apple.com>
>> wrote:
>>> I think file writing (once the script has securely received a file
>>> handle) has different security considerations than directory manipulation
>>> and opening of arbitrary files. File writing should be designed with the
>>> browser security model in mind, because it's something that is reasonable to
>>> expose to Web content, given the right model for getting a writable handle
>>> (private use area or explicitly chosen by the user via "Save As" dialog)
>> Note that both explicit content and private use areas/sandboxes has
>> security implications.
> Of course it does. Any new capability we add to the Web platform has
> security implications.
> For these particular features, I would like to see designed such that it is
> reasonable to expose them to public Web content, without the need for trust
> decisions by the user or policy choices by an administrator or network
> operator. I believe that is possible. When it comes to directory
> manipulation, I am not sure such a design is possible, or at least, I have
> not heard a good proposal yet.
> Regards,
> Maciej

How would you feel about a web app being able to write to a sandboxed
per-origin filesystem with a small default quota and no prompt?

Received on Wednesday, 11 November 2009 23:58:32 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:32:13 UTC