- From: Craig Francis <craig@craigfrancis.co.uk>
- Date: Tue, 12 Jan 2016 10:54:18 +0000
- To: public-webappsec@w3.org
- Message-Id: <11EF94D0-A66F-477D-AF7D-859821B4DA19@craigfrancis.co.uk>
Hi, Recently I've been thinking of some of the problems with PDF's, which are useful for creating a document that can be archived, emailed, printed, etc. HTML has solutions for many of PDF's problems though, for example structured text (accessibility), ability to change layout depending on screen size (no need for small screen devices to zoom into a fixed A4 layout), can change font size, better indexing support (searching for documents), etc. Unfortunately you can't just email a HTML document to someone, as this causes a range of security problems, and including resources can be difficult (you can inline them, or use MHTML, but these are tricky to create). So I was wondering if we could take the approach that Microsoft Word did with the docx format, Java with JAR, PHP with PHAR, etc... Have a new file format, associated with the browser, which is just a ZIP/GZIP file that contains an index.html file, and everything else needed for the document. Then from a security point of view, it can be locked down to its own little box, so no access to other files on the file system, probably no access to cookies/localstorage, no ability to connect to another host (maybe). And from the users point of view, the document could be protected with a password (a feature that ZIP/GZIP provides already, and the browser can prompt for when opening). So would this help with the security aspects of emailing HTML files to people (e.g. reports), and be better than PDFs? Craig https://code.google.com/p/chromium/issues/detail?id=575677 <https://code.google.com/p/chromium/issues/detail?id=575677> https://bugzilla.mozilla.org/show_bug.cgi?id=1237990 <https://bugzilla.mozilla.org/show_bug.cgi?id=1237990>
Received on Tuesday, 12 January 2016 10:54:49 UTC