On 22/09/2015 15:16, Eric Rescorla wrote:
On Tue, Sep 22, 2015 at 7:07 AM, Jonas Sicking <jo...@sicking.cc> wrote:
There are spec drafts written for most of this feature, with remaining
parts on the way.
To the extent to which you're referring to:
https://wicg.github.io/directory-upload/proposal.html
I find it notable that it does not contain any security section, or to the
extent I can determine, even the word "security".
The api has been extensively discussed with all browser vendors and has
changed substantially in response to this
Can you please point me to those changes and to the security analysis?
I can only speak to:
https://wicg.github.io/directory-upload/proposal.html
since I wasn't involved in:
http://w3c.github.io/filesystem-api/
I would note that the former is derived from a section of the latter though, and
no doubt had discussions I wasn't party to.
The discussion for Directory Upload largely happened out of band to iron out any
major implementation issues before making a proposal for public feedback. As a
result I can't point you to any relevant changes per se other than those at:
https://github.com/WICG/directory-upload/commits/gh-pages
but I don't think there's anything security related in there.
As for our security analysis thats not yet concluded but you can find it in:
https://bugzilla.mozilla.org/show_bug.cgi?id=907707
and I'd encourage you to participate there.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
