W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2012

Re: Moving File API: Directories and System API to Note track?

From: James Graham <jgraham@opera.com>
Date: Thu, 20 Sep 2012 08:50:11 +0200 (CEST)
To: Adam Barth <w3c@adambarth.com>
cc: "Edward O'Connor" <eoconnor@apple.com>, public-webapps@w3.org
Message-ID: <alpine.DEB.2.02.1209200832250.8106@sirius>

On Wed, 19 Sep 2012, Adam Barth wrote:

> On Wed, Sep 19, 2012 at 1:46 PM, James Graham <jgraham@opera.com> wrote:
>> On Wed, 19 Sep 2012, Edward O'Connor wrote:
>>> Olli wrote:
>>>> I think we should discuss about moving File API: Directories and
>>>> System API from Recommendation track to Note.
>>> Sounds good to me.
>> Indeed. We are not enthusiastic about implementing an API that has to
>> traverse directory trees as this has significant technical challenges, or
>> may expose user's path names, as this has security implications. Also AIUI
>> this API is not a good fit for all platforms.
> There's nothing in the spec that exposes user paths.  That's just FUD.

I was thinking specifically of the combination of this and Drag and Drop 
and this API. I assumed that at some level one would end up with a bunch 
on Entry objects which seem to expose a path. It then seems that then a 
user who is tricked into dragging their root drive onto a webapp would 
expose all their paths.

It is quite possible that this is a horrible misunderstanding of the spec, 
and if so I apologise. Nevertheless I think it's poor form to immediately 
characterise an error as a deliberate attempt to spread lies.

In any case my central point remains which is that would support this spec 
moving off the Rec. track at this time.
Received on Thursday, 20 September 2012 06:50:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:38 UTC