Update the Security and Privacy Questionnaire #421

Open
a-sully opened this issue Jun 22, 2023 · 2 comments
Labels
clarification Standard could better describe desired behavior

Comments

a-sully commented Jun 22, 2023

The questionnaire has changed over the years, and we should update this specification's answers to it, which are currently based on a 2019 version.

In particular, new sections about non-fully-active documents are relevant to the recent proposals for new access modes for FileSystemSyncAccessHandle (see w3ctag/design-reviews#845 (comment)) and the FileSystemObserver interface.

@a-sully a-sully added the clarification Standard could better describe desired behavior label Jun 22, 2023
@jimmywarting

This feature exposes files and directories the user explicitly selects to share with web sites with those web sites. This feature doesn't expose any more information than is already exposed via and today.

I would like to add to that note that there is also a method of using DataTransferItem.prototype.webkitGetAsEntry which is more powerful coming from a drag and drop event.

Here you have the possibility to read a file / folder over and over again and see new entries that have been added or changed. You can also read the content of a folder async, which does not block the main thread, as opposed to webkitdirectory, which requires iterating over all files recursively.

Picking a large folder using webkitdirectory is troublesome b/c it freezes the tab. Both webkitGetAsEntry and the new getAsFileSystemHandle solve this problem, as it's only reading the content of one folder. So I think getAsFileSystemHandle is necessary / very useful.
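Added example, not part of the issue thread or the specification: the one-level, asynchronous directory read contrasted with webkitdirectory in the comment above, written against both `getAsFileSystemHandle()` and `webkitGetAsEntry()`. The function names (`readAllEntries`, `listOneLevel`, `sourcesFromDrop`, `listDrop`) are hypothetical, and the input is assumed to be the `DataTransfer` of a `drop` event.

```javascript
// Added example. Inputs are DataTransfer-shaped objects from a 'drop' event.

// readEntries() returns results in batches and signals the end with an
// empty array, so it has to be called until it returns nothing.
function readAllEntries(reader) {
  return new Promise((resolve, reject) => {
    const all = [];
    const next = () => reader.readEntries((batch) => {
      if (batch.length === 0) return resolve(all);
      all.push(...batch);
      next();
    }, reject);
    next();
  });
}

// List the direct children of one dropped item; never descends further.
// `source` is a FileSystemHandle (has .kind) or a FileSystemEntry (has .isDirectory).
async function listOneLevel(source) {
  if (typeof source.kind === 'string') {
    if (source.kind !== 'directory') return [{ name: source.name, kind: 'file' }];
    const out = [];
    for await (const child of source.values()) {
      out.push({ name: child.name, kind: child.kind });
    }
    return out;
  }
  if (!source.isDirectory) return [{ name: source.name, kind: 'file' }];
  const entries = await readAllEntries(source.createReader());
  return entries.map((e) => ({ name: e.name, kind: e.isDirectory ? 'directory' : 'file' }));
}

// Call synchronously inside the drop handler: the item list is no longer
// readable after the first await, so every lookup is started up front.
function sourcesFromDrop(dataTransfer) {
  return Array.from(dataTransfer.items)
    .filter((item) => item.kind === 'file')
    .map((item) => (typeof item.getAsFileSystemHandle === 'function'
      ? item.getAsFileSystemHandle()
      : Promise.resolve(item.webkitGetAsEntry())));
}

async function listDrop(dataTransfer) {
  const sources = await Promise.all(sourcesFromDrop(dataTransfer));
  return Promise.all(sources.filter(Boolean).map(listOneLevel));
}
```

Calling `listOneLevel` again on the same handle or entry re-reads the directory, which is how later additions become visible without a new user gesture.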

@jimmywarting

You should also try to address Mozilla's concern and their position on it.

"There's a subset of this API mozilla is quite enthusiastic about (in particular providing a read/write API for files and directories as alternative storage endpoint), but it is wrapped together with aspects for which we do not think meaningful end user consent is possible to obtain (in particular cross-site access to the end user's local file system). Overall we consider this harmful therefore, but Mozilla could be supportive of parts, provided this were segmented better."

So it maybe needs to address the "cross-site access" section of it all, making it more clear that a file handle from Site A can't be accessed from site B, and that handles can't be transferred with postMessage.
