Re: [whatwg] Accessing local files with JavaScript portably and securely

On Sat, Apr 15, 2017 at 6:09 AM, Philipp Serafin wrote: > If I see this correctly, we're currently talking about two different > use-cases for file/directory access: > > 1) … > > 2) Loading (parts of) the app itself from a local filesystem, possibly > without any network

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Wed, Apr 19, 2017 at 9:55 PM, Yay295 wrote: > Maybe a solution then would be to provide a way to request more storage > space? Sounds like it. At least in Firefox https://storage.spec.whatwg.org/ will provide that soonish, including the guarantee that the browser won't

Re: [whatwg] Accessing local files with JavaScript portably and securely

Maybe a solution then would be to provide a way to request more storage space? On Wed, Apr 19, 2017 at 1:35 PM, Joshua Bell wrote: > On Wed, Apr 19, 2017 at 8:23 AM, Roger Hågensen > wrote: > > > On 2017-04-19 11:28, Anne van Kesteren wrote: > > >

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Wed, Apr 19, 2017 at 8:23 AM, Roger Hågensen wrote: > On 2017-04-19 11:28, Anne van Kesteren wrote: > >> I already pointed to https://wicg.github.io/entries-api/ as a way to >> get access to a directory of files and as a way to >> get access to a sequence of files.

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-19 11:28, Anne van Kesteren wrote: I already pointed to https://wicg.github.io/entries-api/ as a way to get access to a directory of files and as a way to get access to a sequence of files. Both for read access. I haven't seen any interest to go beyond that. Is this the Filesystem

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月19日 17:28, Anne van Kesteren 写道: On Wed, Apr 19, 2017 at 11:08 AM, duanyao wrote: This is really not intended. I just don't quite understand some of those points. For example, Is "the web being fundamentally linked to HTTP" just the current status of the industry,

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Wed, Apr 19, 2017 at 11:08 AM, duanyao wrote: > This is really not intended. I just don't quite understand some of those > points. For example, > Is "the web being fundamentally linked to HTTP" just the current status of > the industry, or > the inherent philosiphy of the

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月19日 16:09, Anne van Kesteren 写道: On Wed, Apr 19, 2017 at 5:45 AM, duanyao wrote: These have been a lot of discussion on that in this thread. Do you think writing a more formal document would be helpful? Perhaps. Fundamentally, I don't think you've made a

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Wed, Apr 19, 2017 at 5:45 AM, duanyao wrote: > These have been a lot of discussion on that in this thread. Do you think > writing a more formal document would be helpful? Perhaps. Fundamentally, I don't think you've made a compelling enough case for folks to become

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月19日 02:23, Ian Hickson 写道: The main thing that seems to be missing from this thread is any commitment from any browser vendors to actually support any changes in this space. Yes, and I had been pessimistic about that even before I join this thread. Actually I join the discussion

Re: [whatwg] Accessing local files with JavaScript portably and securely

o: Richard Maher; wha...@whatwg.org Subject: Re: [whatwg] Accessing local files with JavaScript portably and securely On Tue, Apr 18, 2017 at 3:36 PM Richard Maher <maher...@hotmail.com<mailto:maher...@hotmail.com>> wrote: > The main thing that seems to be missing from this thread

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Tue, Apr 18, 2017 at 3:36 PM Richard Maher wrote: > > The main thing that seems to be missing from this thread is any > commitment > > from any browser vendors to actually support any changes in this space. > > It has been my experience that browser vendors, more often

Re: [whatwg] Accessing local files with JavaScript portably and securely

> The main thing that seems to be missing from this thread is any commitment > from any browser vendors to actually support any changes in this space. It has been my experience that browser vendors, more often than not, require at least a (proposed) standard before they will consider

Re: [whatwg] Accessing local files with JavaScript portably and securely

The main thing that seems to be missing from this thread is any commitment from any browser vendors to actually support any changes in this space. I would recommend the following steps for anyone hoping to push changes to Web specifications on this topic: - Approach Web browser vendors privately,

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月18日 19:27, Ashley Sheridan 写道: On 18 April 2017 12:18:57 BST, duanyao wrote: 在 2017年04月18日 18:52, Ashley Sheridan 写道: Maybe no. "files" is a generic word, so if you make every "xxx_files/" folders magical, it's quite possible that there are folders happen to

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月18日 19:27, Ashley Sheridan 写道: On 18 April 2017 12:18:57 BST, duanyao wrote: 在 2017年04月18日 18:52, Ashley Sheridan 写道: Maybe no. "files" is a generic word, so if you make every "xxx_files/" folders magical, it's quite possible that there are folders happen to

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 18 April 2017 12:18:57 BST, duanyao wrote: >在 2017年04月18日 18:52, Ashley Sheridan 写道: >> >>> Maybe no. "files" is a generic word, so if you make every >"xxx_files/" >>> folders magical, it's quite possible that there are folders happen >to >>> ends with "_files" but are not

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月18日 18:52, Ashley Sheridan 写道: Maybe no. "files" is a generic word, so if you make every "xxx_files/" folders magical, it's quite possible that there are folders happen to ends with "_files" but are not intented to be local web apps. If you require a `xxx.html` to make "xxx_files/"

Re: [whatwg] Accessing local files with JavaScript portably and securely

>Maybe no. "files" is a generic word, so if you make every "xxx_files/" >folders magical, it's quite possible that there are folders happen to >ends with "_files" but are not intented to be local web apps. If you >require a `xxx.html` to make "xxx_files/" magical, it is a little >awkward and

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月18日 16:08, Anne van Kesteren 写道: On Tue, Apr 18, 2017 at 9:57 AM, Roger Hågensen wrote: Searching Google for "offline webapp discussion group" turns up https://www.w3.org/wiki/Offline_web_applications_workshop and that's sadly from 2011. There is

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月18日 16:09, Roger Hågensen 写道: On 2017-04-17 15:22, duanyao wrote: This can handle multipage fine as well. Anything in the folder test.html_files is considered sandboxed under test.html The problem is, what if users open `test_files\page2.html`or `test_files\page3.html`directly? Can

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Tue, Apr 18, 2017 at 10:25 AM, Roger Hågensen wrote: > On 2017-04-18 10:08, Anne van Kesteren wrote: >> Right, those are about making applications distributed over HTTPS work >> when the user is not connected. That idea doesn't necessitate file >> URLs and we're still

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-18 10:08, Anne van Kesteren wrote: There is https://www.w3.org/TR/offline-webapps/ Right, those are about making applications distributed over HTTPS work when the user is not connected. That idea doesn't necessitate file URLs and we're still working towards that ideal with Fetch,

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-17 15:22, duanyao wrote: This can handle multipage fine as well. Anything in the folder test.html_files is considered sandboxed under test.html The problem is, what if users open `test_files\page2.html`or `test_files\page3.html`directly? Can they access `test_files\config.json`? This

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Tue, Apr 18, 2017 at 9:57 AM, Roger Hågensen wrote: > Searching Google for "offline webapp discussion group" turns up > https://www.w3.org/wiki/Offline_web_applications_workshop > and that's sadly from 2011. > > There is https://www.w3.org/TR/offline-webapps/ Right,

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-17 19:19, duanyao wrote: There are always incompatibilities between browsers, and even once standardized feature can be deprecated/removed in future, e.g. `window.showModalDialog()`, `` and ``. This happens rarely and when it happens it's a very considered decision involving lots of

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月18日 00:03, Anne van Kesteren 写道: On Mon, Apr 17, 2017 at 5:53 PM, duanyao wrote: When we want to write a web application portable across multiple server OSes, these issues could happen too. Yes, but then you run into implementation bugs. Which are a very different

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Mon, Apr 17, 2017 at 5:53 PM, duanyao wrote: > When we want to write a web application portable across multiple server > OSes, these issues could happen too. Yes, but then you run into implementation bugs. Which are a very different category from proprietary OS design

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月17日 21:39, Anne van Kesteren 写道: On Mon, Apr 17, 2017 at 3:32 PM, duanyao wrote: So you mean file: protocol is not portable? For absolute file: url, true; for relative url, almost not true. When writing web pages, no one use absolute file: urls in practice, so this

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Mon, Apr 17, 2017 at 3:32 PM, duanyao wrote: > So you mean file: protocol is not portable? For absolute file: url, true; > for relative url, almost not true. > > When writing web pages, no one use absolute file: urls in practice, so this > is a non-issue. Neither is portable

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月17日 21:04, Anne van Kesteren 写道: On Mon, Apr 17, 2017 at 2:54 PM, duanyao wrote: 在 2017年04月15日 02:09, Domenic Denicola 写道: file: URLs are part of the web, e.g. parsing such URLs when used in tags, just like gopher: URLs or mailto: URLs. The behavior once

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月17日 20:43, Roger Hågensen 写道: On 2017-04-17 13:53, duanyao wrote: For single page application, browsers restrict `foo.html`'s permission to `foo_files/` in the same parent directory. Note that it is already a common practice for browsers to save a page's resource to a `xxx_files/`

Re: [whatwg] Accessing local files with JavaScript portably and securely

On Mon, Apr 17, 2017 at 2:54 PM, duanyao wrote: > 在 2017年04月15日 02:09, Domenic Denicola 写道: >> file: URLs are part of the web, e.g. parsing such URLs when used in >> tags, just like gopher: URLs or mailto: URLs. The behavior once navigating >> to file: URLs (or gopher: URLs, or

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月15日 02:09, Domenic Denicola 写道: From: David Kendal [mailto:m...@dpk.io] This is getting silly. says the WHAT WG's purpose is to 'evolve the Web'; since file: URIs are part of the web, this problem falls within the WHAT WG's remit. file:

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-17 13:53, duanyao wrote: For single page application, browsers restrict `foo.html`'s permission to `foo_files/` in the same parent directory. Note that it is already a common practice for browsers to save a page's resource to a `xxx_files/` directory; browsers just need to grant the

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月16日 01:54, David Kendal 写道: On 15 Apr 2017, at 14:07, Roger Hågensen wrote: Patrick makes a good point. For example asking a user if it' sok for the HTML document to access stuff in "C:\Users\Username\AppData\Local\Temp\" what do you think most uses will do?

Re: [whatwg] Accessing local files with JavaScript portably and securely

David Kendal 於 4/15/2017 12:54 PM 寫道: On 15 Apr 2017, at 14:07, Roger Hågensen wrote: Patrick makes a good point. For example asking a user if it' sok for the HTML document to access stuff in "C:\Users\Username\AppData\Local\Temp\" what do you think most uses will do?

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 15 Apr 2017, at 14:07, Roger Hågensen wrote: > Patrick makes a good point. > > For example asking a user if it' sok for the HTML document to access > stuff in "C:\Users\Username\AppData\Local\Temp\" what do you think most > uses will do? > Just click OK, after all

Re: [whatwg] Accessing local files with JavaScript portably and securely

If I see this correctly, we're currently talking about two different use-cases for file/directory access: 1) Giving HTML apps the ability to "open" and edit local user-provided files and directories in a similar manner to desktop apps (the soundboard example) 2) Loading (parts of) the app itself

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-15 11:58, David Kendal wrote: On 15 Apr 2017, at 01:09, Patrick Dark wrote: So if you put this file in the Windows Downloads directory, then it has read access to all download files even though they aren't related? Ah, well, that's why you

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 15 Apr 2017, at 01:09, Patrick Dark wrote: > So if you put this file in the Windows Downloads directory, then it > has read access to all download files even though they aren't related? > And it grants access to all of those files—some of which may

Re: [whatwg] Accessing local files with JavaScript portably and securely

David Kendal 於 4/9/2017 4:51 AM 寫道: A proposed solution, though far from the only one possible: There should be a new API something like this: window.requestFilesystemPermission(requestedOrigin); which does something like - If permission was already granted for the specified requestedOrigin

Re: [whatwg] Accessing local files with JavaScript portably and securely

To set aside the previous thread, I'd like to make a renewed call for input on my actual proposal, including counter-proposals, potential flaws in my design, etc. Then perhaps we can make some progress here. dpk On 9 Apr 2017, at 10:51, David Kendal wrote: > Moin, > > Over the

Re: [whatwg] Accessing local files with JavaScript portably and securely

Dera Patrick, Dear David , dearest all: Nowadays, there is an agreement this may become an sterile debate, if the issue is that there is no time to invest, neither and agreement on what should be done. I propose, if there is any interest on the matter we are arguing, to open a branch, and

Re: [whatwg] Accessing local files with JavaScript portably and securely

David Kendal 於 4/14/2017 11:58 AM 寫道: On 11 Apr 2017, at 19:50, Patrick Dark wrote: The "world wide web" is the user-facing portion of the Internet. Files on a CD or USB drive are not part of that. You are continuing to dodge this problem by

Re: [whatwg] Accessing local files with JavaScript portably and securely

From: David Kendal [mailto:m...@dpk.io] > This is getting silly. > says the WHAT WG's purpose is to 'evolve the Web'; since file: URIs are part > of the web, this problem falls within the WHAT WG's remit. file: URLs are part of the web, e.g. parsing

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 14 Apr 2017, at 18:30, Domenic Denicola wrote: > > You are continuing to dodge this problem by redefining the WHAT WG's > > responsibilities. Please don't do that. > > I don't intend to take direction on how I spend my time from you. Fine; you don't personally have to work

Re: [whatwg] Accessing local files with JavaScript portably and securely

Hi all: Agreed, David Thank you very uch for pointing us to the URL https://fetch.spec.whatwg.org/#basic-fetch BTW: It's not our mission to discourage users ( netters) to --ehem -- use a modern browser featured in her/his personal device for personal purposes ( as it is the exercise to

Re: [whatwg] Accessing local files with JavaScript portably and securely

From: whatwg [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of > You are continuing to dodge this problem by redefining the WHAT WG's > responsibilities. Please don't do that. I don't intend to take direction on how I spend my time from you. I'd be curious as to whether you can find any

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 11 Apr 2017, at 19:50, Patrick Dark wrote: > The "world wide web" is the user-facing portion of the Internet. Files > on a CD or USB drive are not part of that. You are continuing to dodge this problem by redefining the WHAT WG's responsibilities.

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-11 14:50, Philipp Serafin wrote: Patrick Dark schrieb am Di., 11. Apr. 2017 um 13:55 Uhr: [...] The only good reason to distribute an application this way is because you want it to be confidential [...] Another use-case would be to develop a HTML app that does not require internet

Re: [whatwg] Accessing local files with JavaScript portably and securely

David: Agreed. Shall we start to think on the native modern browsers, desktops ( which are integrated with the DOM, as much as I have perceived ) TouchScreen, connected to the web, and ASF or other networks (IoT comes to mind) ? A modern DOM update version of the known trick [autorun]

Re: [whatwg] Accessing local files with JavaScript portably and securely

在 2017年04月11日 20:04, Patrick Dark 写道: Jan Tosovsky 於 4/10/2017 5:38 PM 寫道: On 2017-04-10 David Kendal wrote: On 2017-04-09 Jan Tosovsky wrote: On 2017-04-09 David Kendal wrote: ... there are many possible uses for local static files accessing other local static files: the one I have in mind

Re: [whatwg] Accessing local files with JavaScript portably and securely

We should be aware of the security risks when recommand a "simple web server". * Most (if not all) simple web servers don't block access from non-local hosts by default, which can leak users' files. Although your firewall can block them for you, users do need unblock non-local hosts

Re: [whatwg] Accessing local files with JavaScript portably and securely

Dear all: I agree with the need to consider file:// ( or at least re-consider the missing functionality) applicable to exec files / directories with HTML documents, stored on physical devices ( like USBs or CD-DVDs), even it might sound uselessness in the _cloudy_ times we live. This HTML

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-11 Patrick Dark wrote: > Jan Tosovsky 2017-04-10 wrote: > > > On 2017-04-09 David Kendal wrote: > > > > > > ... there are many possible uses for local static files > > > accessing other local static files: the one I have in mind > > > is shipping static files on CD-ROM or USB stick...

Re: [whatwg] Accessing local files with JavaScript portably and securely

David Kendal 於 4/11/2017 11:46 AM 寫道: On 11 Apr 2017, at 17:01, Domenic Denicola wrote: Bingo. This mailing list is for developing technology for the world wide web, not for peoples' local computers. The World Wide Web includes peoples' own computers. file:// is a URI scheme

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 11 April 2017 at 18:01, Domenic Denicola wrote: > From: whatwg [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of > Patrick Dark > > > I can't see this being addressed. The only good reason to distribute an > application this way is because you want it to be confidential

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 11 Apr 2017, at 17:01, Domenic Denicola wrote: > Bingo. This mailing list is for developing technology for the world > wide web, not for peoples' local computers. The World Wide Web includes peoples' own computers. file:// is a URI scheme for exactly that reason. Every

Re: [whatwg] Accessing local files with JavaScript portably and securely

Domenic Denicola schrieb am Di., 11. Apr. 2017 um 18:01 Uhr: > From: whatwg [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of > Patrick Dark > > Bingo. This mailing list is for developing technology for the world wide > web, not for peoples' local computers. > Doesn't that

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 11 Apr 2017, at 12:55, Patrick Dark wrote: > I can't see this being addressed. The only good reason to distribute > an application this way is because you want it to be confidential and > there's no incentive to accommodate what one might call "walled

Re: [whatwg] Accessing local files with JavaScript portably and securely

From: whatwg [mailto:whatwg-boun...@lists.whatwg.org] On Behalf Of Patrick Dark > I can't see this being addressed. The only good reason to distribute an > application this way is because you want it to be confidential and there's no > incentive to accommodate what one might call "walled

Re: [whatwg] Accessing local files with JavaScript portably and securely

Patrick Dark schrieb am Di., 11. Apr. 2017 um 13:55 Uhr: > [...] The only good reason to distribute an application this way is > because you want it to be confidential [...] > Another use-case would be to develop a HTML app that does not require internet

Re: [whatwg] Accessing local files with JavaScript portably and securely

Jan Tosovsky 於 4/10/2017 5:38 PM 寫道: On 2017-04-10 David Kendal wrote: On 2017-04-09 Jan Tosovsky wrote: On 2017-04-09 David Kendal wrote: ... there are many possible uses for local static files accessing other local static files: the one I have in mind is shipping static files on CD-ROM or

Re: [whatwg] Accessing local files with JavaScript portably and securely

David Kendal 於 4/9/2017 4:51 AM 寫道: This is a shame because there are many possible uses for local static files accessing other local static files: the one I have in mind is shipping static files on CD-ROM or USB stick, but there is also the more obvious (and probably more common) use of local

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-10 David Kendal wrote: > On 2017-04-09 Jan Tosovsky wrote: > > On 2017-04-09 David Kendal wrote: > > > > > ... there are many possible uses for local static files accessing > > > other local static files: the one I have in mind is shipping static > > > files on CD-ROM or USB stick... >

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 9 April 2017 at 11:51, David Kendal wrote: > Moin, > > Over the last few years there has been a gradual downgrading of support > in browsers for running pages from the file: protocol. Most browsers now > have restrictions on the ability of JavaScript in such pages to access >

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 9 Apr 2017, at 20:36, Jan Tosovsky wrote: > On 2017-04-09 David Kendal wrote: > > > ... there are many possible uses for local static files accessing > > other local static files: the one I have in mind is shipping static > > files on CD-ROM or USB stick... > > In

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 9 Apr 2017, at 14:48, Philipp Serafin wrote: > Note also that the HTTP server solution requires you to ship a binary > (the server) with your files, therefore sacrificing platform > independence and requiring the user to run an untrusted binary, all > just to show some HTML

Re: [whatwg] Accessing local files with JavaScript portably and securely

I support such an approach and have found the usual "use a server" response a bit disheartening. Besides the stated cases, I believe it should just be easy for new programmers, children, etc., to try out simple projects with nothing more than a browser and text editor (and the console is not

Re: [whatwg] Accessing local files with JavaScript portably and securely

I know this doesn't address your CD-ROM/USB stick situation but FYI... for the dev situation there are many *SUPER* simple web servers https://greggman.github.io/servez/ https://github.com/cortesi/devd/ https://github.com/indexzero/http-server/

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 2017-04-09 David Kendal wrote: > > ... there are many possible uses for local static files accessing > other local static files: the one I have in mind is shipping static > files on CD-ROM or USB stick... In this case the file structure is fixed so it can be exported as JSON file and then

Re: [whatwg] Accessing local files with JavaScript portably and securely

Note also that the HTTP server solution requires you to ship a binary (the server) with your files, therefore sacrificing platform independence and requiring the user to run an untrusted binary, all just to show some HTML files. Jonathan Zuckerman schrieb am So., 9. Apr.

Re: [whatwg] Accessing local files with JavaScript portably and securely

The solution most developers use is to run a simple web server that hosts static content, it's a much simpler solution than the API you propose and requires no changes to the spec. It doesn't address the CD-ROM use case, though.. On Sun, Apr 9, 2017 at 06:11 Melvin Carvalho

Re: [whatwg] Accessing local files with JavaScript portably and securely

On 9 April 2017 at 11:51, David Kendal wrote: > Moin, > > Over the last few years there has been a gradual downgrading of support > in browsers for running pages from the file: protocol. Most browsers now > have restrictions on the ability of JavaScript in such pages to access >