I've been convinced that the there's not enough need for a element to
introduce one, mostly by
Tab Atkins Jr.
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2010-December/029585.html
and Benjamin Hawkes-Lewis
http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2010-December/029586.html
> So, it's not so much the security issue (the browser's job), but an
> appearance-of-fault issue: the site not wanting to be blamed if the
> browser fails at that job.
Well, the browser does the best it can (i.e., documents the origin of
a download), and the user does the best he can (examines th
On Sat, Apr 30, 2011 at 2:54 PM, Michal Zalewski wrote:
> My concern is a bit more straightforward. To use a practical example:
> just because a social networking site allows nearly arbitrary JPEG
> files to be uploaded and served as profile pictures (Content-Type:
> image/jpeg) does not mean that
> Maybe a bit more contriving could come up with a more plausible example.
My concern is a bit more straightforward. To use a practical example:
just because a social networking site allows nearly arbitrary JPEG
files to be uploaded and served as profile pictures (Content-Type:
image/jpeg) does no
On Sat, Apr 30, 2011 at 2:24 PM, Michal Zalewski wrote:
> Note that somewhat counterintuitively, there would be some security
> concerns with markup-level content disposition controls (or any JS
> equivalent). For example, consider evil.com doing this:
>
> disposition='attachment; filename="Impor
Note that somewhat counterintuitively, there would be some security
concerns with markup-level content disposition controls (or any JS
equivalent). For example, consider evil.com doing this:
Downloading files in general is a very problematic area, because
there's a very fragile transition betwee
On Sat, Apr 30, 2011 at 1:26 PM, Bjartur Thorlacius
wrote:
> On 3/21/11, Philip Jägenstedt wrote:
>> On http://foolip.org/microdatajs/live/#json I have a "Download it!"
>> function which uses data: URLs to save JSON generated by JavaScript. The
>> only real limitation with this approach is that o
On Mon, Apr 11, 2011 at 1:28 PM, Glenn Maynard wrote:
> On Mon, Apr 11, 2011 at 12:48 PM, Eric Uhrhane wrote:
>>
>> Folks did propose making FileSaver do this at TPAC, but we haven't
>> gotten around to hashing out the details yet. The idea was that
>> FileSaver would take a URL instead of a Blo
On 3/21/11, Philip Jägenstedt wrote:
> On http://foolip.org/microdatajs/live/#json I have a "Download it!"
> function which uses data: URLs to save JSON generated by JavaScript. The
> only real limitation with this approach is that one cannot suggest a file
> name, so in Opera the suggested file n
On Sun, May 1, 2011 at 1:52 AM, Glenn Maynard wrote:
> On Sat, Apr 30, 2011 at 5:23 AM, Robert O'Callahan
> wrote:
> > The application could have a settings page with a checkbox "Enable
> desktop
> notifications". When you click on that box, the browser shows its (passive,
> asynchronous) UI for
On Sat, Apr 30, 2011 at 3:30 AM, Simon Heckmann wrote:
> I agree: That is why the example you quote from my previous mail went on
> like this:
> As the users continue to use the page, the web site could check the status
> of the permission using javascript and remind the user to rethink his
> perm
On Sat, Apr 30, 2011 at 11:41 AM, Glenn Maynard wrote:
> This is why--in general--I like the model so far: the user is asked for
> permission in response to actually doing something that uses a feature. In
> the notepad app, you're asked for permission to access the internet when
> you
> select
Am 30.04.2011 um 01:41 schrieb Glenn Maynard :
> On Fri, Apr 29, 2011 at 6:40 PM, Simon Heckmann wrote:
>
>>> Some challenges include:
>>>
>>> * how to justify the request to the user being asked to grant the
>> privileges
>>>starting with a text string and a link to more information
>>
13 matches
Mail list logo