- From: James Graham <jgraham@opera.com>
- Date: Thu, 20 Sep 2012 08:50:11 +0200 (CEST)
- To: Adam Barth <w3c@adambarth.com>
- cc: "Edward O'Connor" <eoconnor@apple.com>, public-webapps@w3.org
On Wed, 19 Sep 2012, Adam Barth wrote: > On Wed, Sep 19, 2012 at 1:46 PM, James Graham <jgraham@opera.com> wrote: >> On Wed, 19 Sep 2012, Edward O'Connor wrote: >>> Olli wrote: >>>> I think we should discuss about moving File API: Directories and >>>> System API from Recommendation track to Note. >>> >>> Sounds good to me. >> >> Indeed. We are not enthusiastic about implementing an API that has to >> traverse directory trees as this has significant technical challenges, or >> may expose user's path names, as this has security implications. Also AIUI >> this API is not a good fit for all platforms. > > There's nothing in the spec that exposes user paths. That's just FUD. I was thinking specifically of the combination of this and Drag and Drop and this API. I assumed that at some level one would end up with a bunch on Entry objects which seem to expose a path. It then seems that then a user who is tricked into dragging their root drive onto a webapp would expose all their paths. It is quite possible that this is a horrible misunderstanding of the spec, and if so I apologise. Nevertheless I think it's poor form to immediately characterise an error as a deliberate attempt to spread lies. In any case my central point remains which is that would support this spec moving off the Rec. track at this time.
Received on Thursday, 20 September 2012 06:50:58 UTC