Re: [w3ctag/design-reviews] Moving local files with the File System Access API (Issue #805)

> Hi @a-sully – are there versions of the spec and explainer markdowns that can be directly linked to, rather than un-merged PRs? That would greatly help the review.

No, not at the moment. There had been some [earlier discussions as to where these types of explainers should go](https://github.com/whatwg/fs/pull/46#issuecomment-1230531707) but that thread was never resolved... I can attempt to merge them into whatwg/fs and cite this as justification :)

> Hi @a-sully - thanks for this. We're reviewing today and noting that this is built on top of File System Access which we previously [reviewed positively](https://github.com/w3ctag/design-reviews/issues/390). Can we set up a session where y'all join us to discuss the security issues, multi-stakeholder interest, abuse cases, and potential mitigations?

Absolutely! (and sorry, I realized I had accidentally been filtering emails related to this repo. I should be more responsive going forward)

> I'm not sure if this is already covered, but there needs to be a limitation on how often this method can be called. Likely restricted to a single call per user activation.
> 
> Otherwise, a malicious site can use the fact that existing files can't be overwritten to probe for the existence of other files that the user has not granted access to.

Correct! This is discussed in the explainer, both on [requiring user activation if you don't have permission](https://github.com/a-sully/fs/blob/e82fb4eea28b9964a0e16b3671d779527a7b9bcc/MovingNonOpfsFiles.md#rename-a-file) and [overwriting existing files](https://github.com/a-sully/fs/blob/e82fb4eea28b9964a0e16b3671d779527a7b9bcc/MovingNonOpfsFiles.md#overwriting-existing-files).

We expect this to be sufficient, but can add usage limitations later on if needed.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/805#issuecomment-1472799629

Message ID: <w3ctag/design-reviews/issues/805/1472799629@github.com>

Received on Thursday, 16 March 2023 21:55:37 UTC