Re: [w3ctag/design-reviews] Moving local files with the File System Access API (Issue #805) from Austin Sullivan on 2023-06-30 (public-webapps-github@w3.org from June 2023)

From: Austin Sullivan <notifications@github.com>
Date: Thu, 29 Jun 2023 19:30:23 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/805/1614028832@github.com>

> In the explainer it says "User agents are recommended to perform security checks on files moved within the local file system" but that isn't in the linked PR. And one issue we're concerned about is the strength of this "recommendation" and whether it's appropriate to the power of this API - especially when it comes to security.

Regarding this point specifically - we recent [added to the spec](https://github.com/whatwg/fs/commit/b2644f0152b08c3ac8bf1852db9a712a65af1546) the ability to distinguish between files on the local file system vs. files in a Bucket File System ([f.k.a. OPFS](https://github.com/whatwg/fs/commit/69c51d387cc94e86c8a26acbc0051d7c2a560cfd)). This now allows us to specify within the `move()` algorithm something like:
> 1. If [=this=] [=FileSystemHandle/is in a bucket file system=], run [=implementation-defined=] malware checks


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/805#issuecomment-1614028832
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/805/1614028832@github.com>

Received on Friday, 30 June 2023 02:30:29 UTC