On Nov 11, 2009, at 12:36 AM, Arve Bersvendsen wrote:

On Wed, 11 Nov 2009 02:47:50 +0100, Maciej Stachowiak <m...@apple.com> wrote:

I think file writing (once the script has securely received a file handle) has different security considerations than directory manipulation and opening of arbitrary files. File writing should be designed with the browser security model in mind, because it's something that is reasonable to expose to Web content, given the right model for getting a writable handle (private use area or explicitly chosen by the user via "Save As" dialog).

Note that both explicit content and private use areas/sandboxes have security implications.

Of course it does. Any new capability we add to the Web platform has security implications.

For these particular features, I would like to see them designed such that it is reasonable to expose them to public Web content, without the need for trust decisions by the user or policy choices by an administrator or network operator. I believe that is possible. When it comes to directory manipulation, I am not sure such a design is possible, or at least, I have not heard a good proposal yet.

Regards,
Maciej

