- From: Ian Hickson <ian@hixie.ch>
- Date: Sat, 17 Mar 2007 07:18:29 +0000 (UTC)
- To: public-webapi@w3.org
A while back I asked Jesse Ruderman to do a security review of the FileUpload API. His response is below. I apologise for the tardiness of my sending these comments (he wrote them months ago, though they still apply, as the draft has not changed).

---------------------------------------------------------------------

FileDialog:

open() says "When called, this method MUST prompt the user with a means to select one or more files." This seems to exclude the possibility of restricting the call to times when pop-up windows are allowed. (And I think restricting it in that way would be a good idea, if only to prevent web pages from badgering you with file pickers and holding your browser hostage until you give in and select the file they want.)

I'm worried about the asynchronous nature of open(). Does that mean scripts can continue running in the background, doing things like calling alert() or calling open() again? Having an asynchronous API for a dialog seems strange to me.

I'm surprised that the open() method doesn't let you specify what content-type you want (e.g. images, sound files, mp3 files, etc). I'm also surprised it doesn't let you specify whether you want a single file or multiple files, always assuming you want multiple files.

Requiring users to call addEventListenerNS with a long, opaque namespace string isn't very nice.

The only things you can do with a file object are "getDataAsString", etc. For large files it is better to be able to iterate through lines or characters in the file, and even better to be able to seek.

getDataAsString does not let you specify an encoding. It also does not specify what should happen if you ask for UTF-8 and the file is invalid UTF-8 (some programs substitute question marks in diamonds, some programs warn).

Why is all this stuff separate from the file upload form control? There will always be apps where you want to upload a file to a server, and many of them would love to be able to show a preview of what you're about to upload, do some quick client-side validation, etc.

The "Integration with XMLHttpRequest" section is empty.

fileName: "The name of the file, exclusive of its path." Good.

---------------------------------------------------------------------

Cheers,

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Saturday, 17 March 2007 07:18:41 UTC