- From: Anne van Kesteren <annevk@opera.com>
- Date: Wed, 10 Jun 2009 16:48:24 +0200
- To: "WebApps WG" <public-webapps@w3.org>
"The rule for extracting file data from a file entry is described in this section."

This begs the question what a section is in this specification. It seems that the next paragraph defines this algorithm rather, not the whole section. Hopefully this becomes more clear when you restructure it to have useful sections.

"Exactly how to extract a file from a Zip archive is beyond the scope of this specification. Instead, implementers must follow the [ZIP] specification's instructions on how to extract a file from the Zip archive."

I suggest to drop the first sentence as the next sentence makes it in scope (although the specification defers to another specification for the actual algorithm).

"It is optional for a user agent to extract all the files in a Zip archive at the same time. The user agent may extract specific files as they are needed for processing."

I think this should be an informative note instead as you cannot test this assertion so it is irrelevant.

"As a security precaution, implementations are discouraged from extracting file entries from un-trusted widgets directly onto the file system. Instead, implementations should consider a virtual file system or mapping to access files inside"

Please do not use RFC 2119 terminology in non-normative text. I also think it is bad form to put security precautions in a note.

--
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 10 June 2009 14:49:03 UTC
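
The "virtual file system or mapping" in the quoted security note, sketched as an added example that is not part of the original message or of the specification: entries are read from the archive on demand into memory and never written to disk. The class name `ArchiveMapping`, the name rules and the size cap are assumptions made for illustration.

```python
import io
import zipfile

MAX_ENTRY_BYTES = 1 << 20  # assumed per-entry cap for this example

class ArchiveMapping:
    """Read-only name -> bytes view of a Zip archive; nothing touches disk."""

    def __init__(self, data: bytes):
        self._zip = zipfile.ZipFile(io.BytesIO(data))
        self._entries = {}
        for info in self._zip.infolist():
            if info.is_dir():
                continue
            name = self._safe_name(info.filename)
            # Unsafe names are dropped; on duplicates the first entry wins.
            if name is not None and name not in self._entries:
                self._entries[name] = info

    @staticmethod
    def _safe_name(name: str):
        # Refuse absolute names, backslashes, drive letters and NUL bytes.
        if not name or name.startswith("/") or any(c in name for c in "\\:\x00"):
            return None
        # Refuse empty, "." and ".." path segments (traversal attempts).
        if any(part in ("", ".", "..") for part in name.split("/")):
            return None
        return name

    def names(self):
        return sorted(self._entries)

    def read(self, name: str) -> bytes:
        # Extract a single entry only when it is needed, with a size bound.
        info = self._entries.get(name)
        if info is None:
            raise KeyError(name)
        with self._zip.open(info) as fh:
            data = fh.read(MAX_ENTRY_BYTES + 1)
        if len(data) > MAX_ENTRY_BYTES:
            raise ValueError("entry exceeds size cap")
        return data

def build_sample() -> bytes:
    # Constructed sample archive, built in memory for the demonstration.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("config.xml", "<widget/>")
        z.writestr("../../etc/passwd", "x")
        z.writestr("scripts/app.js", "1")
    return buf.getvalue()
```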