Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 15 submissions in the queue.
posted by martyb on Sunday November 25 2018, @01:59AM   Printer-friendly
from the welcome-to-the-danger-zone dept.

Google and Mozilla are working together on a method to let web apps gain access to users' files.

A group led by Google and Mozilla is working to make it easy to edit files using browser-based web apps but wants advice on how to guard against the "major" security and privacy risks.

The idea is to allow users to save changes they've made using web apps, without the hassle of having to download new files after each edit, as is necessary today.

[...] the W3C Web Incubator Community Group (WICG), which is chaired by representatives from Chrome developer Google and Firefox developer Mozilla, is working on developing the new Writable Files API, which would allow web apps running in the browser to open a file, edit it, and save the changes back to the same file.

However, the group says the biggest challenge will be guarding against malicious sites seeking to abuse persistent access to files on a user's system.

"By far the hardest part for this API is of course going to be the security model to use," warns the WICG's explainer page for the API.

"The API provides a lot of scary power to websites that could be abused in many terrible ways.

What could possibly go wrong?


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by Chromium_One on Monday November 26 2018, @08:22AM (1 child)

    by Chromium_One (4574) on Monday November 26 2018, @08:22AM (#766390)

    Modern browsers are already big, complicated beasts that have far more functionality than the Web needs or puts to good use. Seriously, show me pages with nice formatting, allow forms entry, and everything after that needs to be argued to hell and back for use cases before even considering adding it back in. No, your web sales portal does not need to be able to query my browser for OS, installed fonts, currently running background programs, which links were hovered over for how long, attempt to scrae pages I've got open in other tabs, or run an e-coin miner for you until I reboot the machine because you held the session open even after the browser window was closed. No, go fuck yourselves for all of that.

    --
    When you live in a sick society, everything you do is wrong.
  • (Score: 2) by Pino P on Monday November 26 2018, @04:40PM

    by Pino P (4721) on Monday November 26 2018, @04:40PM (#766481) Journal

    allow forms entry

    A good user experience for forms entry includes spot-checks on a few constraints without having to take a round trip to the server for authoritative validation every single time. HTML5 added a few declarative constraints on input elements, but in my experience, HTML5 input constraints are not sufficient to express all constraints that a user expects to be checked before submission. For example, there's no way without script to make a field conditionally required or not based on the value of another field. HTML5's image input element also lacks a way to submit drag gestures, which are needed for image input that is more than just a single point. Good luck making whiteboard chat or signature entry without script.

    No, your web sales portal does not need to be able to query my browser for OS

    Once you decide to purchase a copy of a native application, how should it be able to tell whether to list the Windows version first, list the macOS version first, or list the X11/Linux version first? Detecting the operating system under the assumption that the application will be used on the same platform on which it was purchased reduces the cost of handling tech support tickets from non-technical users who chose the wrong version.