From MozillaWiki
Jump to: navigation, search

Items Reviewed

File Saver - bug 648998

Introduce Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • to provide a way to save files from the web, prompt user for download
  • call with a DOM file or blob that you want to save to disk
  • UI for file saving and canceling, etc
  • not HTML5 stuff

What solutions/approaches were considered other than the proposed solution?

  • part of file API spec

Why was this solution chosen?

  • ^^

Any security threats already considered in the design and why?

  • Spamming the user to death with dialogs (UX DoS)
    • will implement "never show this alert again" feature -- remembered only for the current window

Threat Brainstorming

  • Bypasses firewall protections for automatic/prompted downloads
    • Proposed solution is (see below) to add a pref for disabling this feature
  • uses same API as download manager & gets mark of the web  and virus-scanned<-- should be tested
  • hooks for extensions?
  • can downloaded file have executable bit set or executables be saved with exec-able extensions?
    • need to ensure that these have same policies applied as regular downloads (no run button)
  • Does page keep access to file after it is saved?  (No, it's just saved and then "hands off, page, you're done.")
  • truncate() concerns
    • this is part of FileWriter which is a different feature
    • create file call truncate, file gets extended
    • no, this spec item is not on the list to be implemented

Conclusions / Action Items

  • Add pref for disabling feature (esp. for other Gecko-based products who don't want to allow it)
    • Ensure that disabling the feature also disables feature-detecting webpages. I.e. interface object needs to be gone
  • Add tests to ensure that files downloaded through this feature go through virus-scanner hooks/ dowload mgr API
    • and get mark of the web
  • Verify and add test to ensure that executable files saved via this feature result in user being presented with same UX as regular downloaded files (e.g., no run button, just save button).
  • No further work speced at this time.