- From: Arve Bersvendsen <arveb@opera.com>
- Date: Thu, 08 May 2008 09:18:23 +0100
- To: "Maciej Stachowiak" <mjs@apple.com>, "Charles McCathieNevile" <chaals@opera.com>
- Cc: "Web API WG (public)" <public-webapi@w3.org>
On Wed, 07 May 2008 20:57:25 +0100, Maciej Stachowiak <mjs@apple.com> wrote: > They both said that this proposal was only meant for things like > widgets, and agreed with my assessment that it would be a giant security > hole if exposed to web content. Without commenting further: Yes, in its current incarnation it raises security concerns, but what I meant to say was more "Our primary use case, and concerns that we have put into the initial proposal are centered around locally installed web applications, aka widgets". I would not exclude making a subset of the proposal available to web applications though. Note that the current proposal speaks of FileStreams -- ideally, these should be generic IOStreams, and should apply to other protocols than "mountpoint" or "file". Think scratch areas, webdav/svn integration, file upload with folder watch (but the method of doing so would have to be well-defined and more secure). The initial proposal is not meant to cover this, but a properly worked out, future revision could cover both. -- Arve Bersvendsen Developer, Opera Software ASA, http://www.opera.com/
Received on Thursday, 8 May 2008 08:19:42 UTC