- From: Doug Schepers <schepers@w3.org>
- Date: Mon, 02 Nov 2009 12:48:58 -0800
- To: "public-webapps@w3.org" <public-webapps@w3.org>, public-device-apis@w3.org
Hi, Folks- During the TPAC joint meeting between the WebApps and DAP WGs, we discussed security policies and use cases and requirements around saving files in different scenarios: public web resources (web pages and apps), widgets, mobile device and desktop browsers, locally-installed applications, etc. [1] To kick this thread off, I'd like to suggest the trust model that already exists for local applications and browsers, which is to open a modal dialog that allows the user to select the file the application can save to; for webapps, I suggest the extra security consideration we add is to have the file hook which is returned is completely opaque (as far as the directory and file name) to the web app, and it just knows where to write. Further, we should limit the upper bounds of the file size. I don't have any thoughts about auto-save across sessions, but it should be addressed (probably not allowed). This could be evoked through the UI convention of a file dialog, or just as a bare API (if the user preferences allow the API to ask about saving files). In any case, it should never be a "cool" webapp-specific file API dialog, only ever the native dialog of the browser (be it a desktop or mobile). Please send in use cases, requirements, concerns, and concrete suggestions about the general topic (regardless of your opinion about my suggestion). [1] http://www.w3.org/2009/11/02-dap-irc#T20-40-39-1 Regards- -Doug Schepers W3C Team Contact, SVG and WebApps WGs
Received on Monday, 2 November 2009 20:49:11 UTC