Re: Rename “File API” to “FileReader API”?

On Nov 11, 2009, at 12:36 AM, Arve Bersvendsen wrote:

> On Wed, 11 Nov 2009 02:47:50 +0100, Maciej Stachowiak  
> <mjs@apple.com> wrote:
>
>> I think file writing (once the script has securely received a file  
>> handle) has different security considerations than directory  
>> manipulation and opening of arbitrary files. File writing should be  
>> designed with the browser security model in mind, because it's  
>> something that is reasonable to expose to Web content, given the  
>> right model for getting a writable handle (private use area or  
>> explicitly chosen by the user via "Save As" dialog)
>
> Note that both explicit content and private use areas/sandboxes has  
> security implications.

Of course it does. Any new capability we add to the Web platform has  
security implications.

For these particular features, I would like to see designed such that  
it is reasonable to expose them to public Web content, without the  
need for trust decisions by the user or policy choices by an  
administrator or network operator. I believe that is possible. When it  
comes to directory manipulation, I am not sure such a design is  
possible, or at least, I have not heard a good proposal yet.

Regards,
Maciej

Received on Wednesday, 11 November 2009 08:44:53 UTC