On Wed, Sep 19, 2012 at 11:50 PM, James Graham <jgra...@opera.com> wrote:
> > > On Wed, 19 Sep 2012, Adam Barth wrote: > > On Wed, Sep 19, 2012 at 1:46 PM, James Graham <jgra...@opera.com> wrote: >> >>> On Wed, 19 Sep 2012, Edward O'Connor wrote: >>> >>>> Olli wrote: >>>> >>>>> I think we should discuss about moving File API: Directories and >>>>> System API from Recommendation track to Note. >>>>> >>>> >>>> Sounds good to me. >>>> >>> >>> Indeed. We are not enthusiastic about implementing an API that has to >>> traverse directory trees as this has significant technical challenges, or >>> may expose user's path names, as this has security implications. Also >>> AIUI >>> this API is not a good fit for all platforms. >>> >> >> There's nothing in the spec that exposes user paths. That's just FUD. >> > > I was thinking specifically of the combination of this and Drag and Drop > and this API. I assumed that at some level one would end up with a bunch on > Entry objects which seem to expose a path. It then seems that then a user > who is tricked into dragging their root drive onto a webapp would expose > all their paths. > > It is quite possible that this is a horrible misunderstanding of the spec, > and if so I apologise. Nevertheless I think it's poor form to immediately > characterise an error as a deliberate attempt to spread lies. > > In any case my central point remains which is that would support this spec > moving off the Rec. track at this time. > > File path information is already exposed via <input type=file multiple>. "File names may contain partial paths." http://www.whatwg.org/specs/web-apps/current-work/multipage/states-of-the-type-attribute.html#concept-input-type-file-selected -Darin