- From: Eric Uhrhane <ericu@google.com>
- Date: Wed, 11 Nov 2009 15:57:24 -0800
- To: Maciej Stachowiak <mjs@apple.com>
- Cc: Arve Bersvendsen <arveb@opera.com>, Robin Berjon <robin@berjon.com>, public-device-apis@w3.org, public-webapps WG <public-webapps@w3.org>
On Wed, Nov 11, 2009 at 12:44 AM, Maciej Stachowiak <mjs@apple.com> wrote:
>
> On Nov 11, 2009, at 12:36 AM, Arve Bersvendsen wrote:
>
>> On Wed, 11 Nov 2009 02:47:50 +0100, Maciej Stachowiak <mjs@apple.com>
>> wrote:
>>
>>> I think file writing (once the script has securely received a file
>>> handle) has different security considerations than directory manipulation
>>> and opening of arbitrary files. File writing should be designed with the
>>> browser security model in mind, because it's something that is reasonable to
>>> expose to Web content, given the right model for getting a writable handle
>>> (private use area or explicitly chosen by the user via "Save As" dialog).
>>
>> Note that both explicit content and private use areas/sandboxes have
>> security implications.
>
> Of course it does. Any new capability we add to the Web platform has
> security implications.
>
> For these particular features, I would like to see them designed such that it is
> reasonable to expose them to public Web content, without the need for trust
> decisions by the user or policy choices by an administrator or network
> operator. I believe that is possible. When it comes to directory
> manipulation, I am not sure such a design is possible, or at least, I have
> not heard a good proposal yet.
>
> Regards,
> Maciej

How would you feel about a web app being able to write to a sandboxed
per-origin filesystem with a small default quota and no prompt?

Eric
Received on Wednesday, 11 November 2009 23:58:22 UTC
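Eric's closing question describes a capability by its security properties rather than by an API. The following is an added example, not code from the thread and not any browser's implementation: a minimal in-memory model of a sandboxed per-origin filesystem with a small default quota and no prompt, written to make explicit what the capability has to guarantee for the "no prompt" part to be defensible. Every name in it (StorageBroker, OriginFileSystem, requestFileSystem, DEFAULT_QUOTA_BYTES) and the quota value are assumptions chosen for the example.

```javascript
// Added example, not from the thread or any browser. Models a per-origin,
// quota-limited, prompt-free file store and the three properties a reviewer
// would check: origin isolation, a byte quota charged on every write, and
// path handling that cannot name anything outside the sandbox.
// All identifiers and the quota value below are assumptions for illustration.

const DEFAULT_QUOTA_BYTES = 5 * 1024 * 1024; // assumed default; real browsers differ

// Canonicalise a path relative to the sandbox root. Rejecting absolute paths
// and the segments "", ".", ".." (plus NUL and backslash) means a virtual
// name can never become a host path even if a backing store maps it to disk.
function normalizePath(path) {
  if (typeof path !== "string" || path.length === 0) throw new Error("empty path");
  if (path.includes("\0") || path.includes("\\")) throw new Error("invalid character in path");
  if (path.startsWith("/")) throw new Error("absolute paths are not allowed");
  const parts = path.split("/");
  for (const p of parts) {
    if (p === "" || p === "." || p === "..") throw new Error(`invalid path segment "${p}"`);
  }
  return parts.join("/");
}

class OriginFileSystem {
  constructor(origin, quotaBytes) {
    this.origin = origin;
    this.quotaBytes = quotaBytes;
    this.usedBytes = 0;
    this.files = new Map(); // normalised path -> Uint8Array
  }

  // Replace-on-write. The quota check uses the delta (shrinking a file frees
  // space) and runs before any state changes, so a rejected write leaves the
  // store exactly as it was.
  writeFile(path, data) {
    const key = normalizePath(path);
    const bytes = data instanceof Uint8Array ? data : new TextEncoder().encode(String(data));
    const existing = this.files.has(key) ? this.files.get(key).length : 0;
    const newUsed = this.usedBytes - existing + bytes.length;
    if (newUsed > this.quotaBytes) {
      throw new Error(`quota exceeded for ${this.origin}: ${newUsed} > ${this.quotaBytes} bytes`);
    }
    this.files.set(key, bytes);
    this.usedBytes = newUsed;
    return bytes.length;
  }

  readFile(path) {
    const key = normalizePath(path);
    const bytes = this.files.get(key);
    if (bytes === undefined) throw new Error(`no such file: ${key}`);
    return new TextDecoder().decode(bytes);
  }

  removeFile(path) {
    const key = normalizePath(path);
    const bytes = this.files.get(key);
    if (bytes === undefined) return false;
    this.files.delete(key);
    this.usedBytes -= bytes.length;
    return true;
  }
}

// The broker is the only way to obtain a store, and it hands out exactly the
// one bound to the requesting origin. No path or handle lets one origin name
// another origin's store or the host filesystem, which is what removes the
// need for a user prompt.
class StorageBroker {
  constructor(quotaBytes = DEFAULT_QUOTA_BYTES) {
    this.quotaBytes = quotaBytes;
    this.byOrigin = new Map();
  }

  requestFileSystem(origin) {
    // A serialised origin is scheme://host[:port] with no path component.
    if (!/^https?:\/\/[^\/\s]+$/.test(origin)) throw new Error(`malformed origin: ${origin}`);
    let fs = this.byOrigin.get(origin);
    if (fs === undefined) {
      fs = new OriginFileSystem(origin, this.quotaBytes);
      this.byOrigin.set(origin, fs);
    }
    return fs;
  }
}

// Exercise isolation, quota and traversal rejection; returns the outcomes.
function demo() {
  const broker = new StorageBroker(64); // tiny quota so the limit is hit quickly
  const a = broker.requestFileSystem("https://a.example");
  const b = broker.requestFileSystem("https://b.example");

  a.writeFile("notes/draft.txt", "hello from a"); // 12 bytes
  let isolated;
  try { b.readFile("notes/draft.txt"); isolated = false; } catch (e) { isolated = true; }

  let quotaHit;
  try { a.writeFile("big.bin", new Uint8Array(60)); quotaHit = false; }
  catch (e) { quotaHit = /quota exceeded/.test(e.message); }

  let traversalRejected;
  try { a.writeFile("../../etc/passwd", "x"); traversalRejected = false; }
  catch (e) { traversalRejected = /invalid path segment/.test(e.message); }

  a.writeFile("notes/draft.txt", "hi"); // overwrite with 2 bytes frees 10
  return {
    isolated, quotaHit, traversalRejected,
    usedBytesA: a.usedBytes, usedBytesB: b.usedBytes,
    sameStore: broker.requestFileSystem("https://a.example") === a,
  };
}

console.log(demo());
```

The model deliberately exposes only whole-file write, read and remove on names the origin itself chose; it offers no directory enumeration or manipulation, which is the part of the design Maciej says he has not yet seen a safe proposal for. The quota is what bounds the damage a malicious or buggy page can do without a prompt: it can fill its own allotment and nothing else.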