W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: File API Feedback

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 19 Jun 2009 23:05:28 +0000 (UTC)
To: Jonas Sicking <jonas@sicking.cc>
Cc: timeless <timeless@gmail.com>, arun@mozilla.com, Boris Zbarsky <bzbarsky@mit.edu>, Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
Message-ID: <Pine.LNX.4.62.0906192259550.16244@hixie.dreamhostps.com>
On Fri, 19 Jun 2009, Jonas Sicking wrote:
> The problems that seems like they need to be solved are security (are 
> these URIs accessible by any domain), and lifetime (how long does the 
> URI work).

The security would be that the origin of these URLs is fixed to be the 
origin of the script context (the "first script" in HTML5 terms) that 
invoked the method that minted the URL.

The lifetime... the easiest lifetime is the same lifetime as the Document 
of the script that was used to get the origin. This can lead to these URLs 
floating around after they have died, though; e.g. you could take an 
<img>, pass it to a script in another doc, and have the Document totally 
be GC'ed while the other <img> element still exists, and then the URL 
suddenly fails if it is used in another <img>.

The most conservative lifetime would be the lifetime of the browser, but 
that may be overly long.

Maybe we should have an API that, given one of these URLs, can return a 
File object (e.g. maybe the File object has a constructor that takes a URL 
and then that File can be used to refer to that URL, which might actually 
be useful in general); if we have that, then anyone who wants the URL to 
be usable beyond the original lifetime of the Document but that doesn't 
have access to the original File can just spawn a new one.

So my proposal would be to make the lifetime that of the creating script's 

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 19 June 2009 23:06:03 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC