David Kendal 於 4/15/2017 12:54 PM 寫道:
On 15 Apr 2017, at 14:07, Roger Hågensen <rh_wha...@skuldwyrm.no> wrote:

Patrick makes a good point.

For example asking a user if it' sok for the HTML document to access
stuff in "C:\Users\Username\AppData\Local\Temp\" what do you think most
uses will do?
Just click OK, after all "they" have nothing important in that folder,
their stuff is in "Documents" instead.
This is why I added the restriction that pages can only request access
to directories that are parents of the directory they're in. I admit I
don't actually know much about how Windows lays out files these days --
if the 'Downloads' folder is within some other folder that also contains
a load of private stuff. If so, or if that's so on some other popular
OS, maybe I'm wrong.

"Downloads" is a sibling directory of "Documents" and child directory of the user directory on Windows 10. Since this is a catch-all downloads folder, it may contain sensitive files, so I'd imagine allowing an HTML file to read everything in this directory would be viewed as an unacceptable security risk.

Browsers could also add restrictions that you can't request access to
the root directory or top-level subdirectory of an OS volume, or what-
ever else is needed for appropriate security on a particular OS.

I'd also imagine it unlikely that anyone would want to implement a directory-dependent (i.e., operating system-dependent) JavaScript API.

It seems that what you'd need is not a new JavaScript API, but a totally new application/manifest format like *.htmlapp that contains the HTML file. This would guarantee that the HTML file is scoped to a safe quasi-directory.

However, this presents a problem since you then need viewers/editors created for this niche format to be able to easily modify the offline application. Further, this format would be a competitor format to operating system-dependent application formats, so there'd be market incentive *against* a native implementation. Why would Microsoft, for example, want to add support for this offline application format when they'd like you to create a Windows Store app instead?

Reply via email to