File Saver - bug 648998
Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)
- to provide a way to save files from the web, prompt user for download
- call with a DOM file or blob that you want to save to disk
- UI for file saving and canceling, etc
- not HTML5 stuff
What solutions/approaches were considered other than the proposed solution?
- part of file API spec
Why was this solution chosen?
Any security threats already considered in the design and why?
- Spamming the user to death with dialogs (UX DoS)
- will implement "never show this alert again" feature -- remembered only for the current window
- Bypasses firewall protections for automatic/prompted downloads
- Proposed solution is (see below) to add a pref for disabling this feature
- uses same API as download manager & gets mark of the web and virus-scanned <-- should be tested
- hooks for extensions?
- can downloaded file have executable bit set or executables be saved with exec-able extensions?
- need to ensure that these have same policies applied as regular downloads (no run button)
- Does page keep access to file after it is saved? (No, it's just saved and then "hands off, page, you're done.")
- truncate() concerns
- this is part of FileWriter which is a different feature
- create file, call truncate(), file gets extended
- no, this spec item is not on the list to be implemented
Conclusions / Action Items
- Add pref for disabling feature (esp. for other Gecko-based products that don't want to allow it)
- Ensure that disabling the feature also disables feature-detecting webpages. I.e. interface object needs to be gone
- Add tests to ensure that files downloaded through this feature go through virus-scanner hooks / download manager API and get mark of the web
- Verify and add test to ensure that executable files saved via this feature result in user being presented with same UX as regular downloaded files (e.g., no run button, just save button).
- No further work specced at this time.
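The action item about feature-detecting webpages can be checked with a small test helper. The sketch below is an added example, not code from the reviewed feature or from Gecko: it reports which common detection idioms still see the interface on a global object, showing why a stubbed-out property is not the same as the interface object being gone. The interface name `FileSaver`, the helper names and the sample globals are assumptions constructed for illustration.

```javascript
// Added example: which feature-detection idioms still "see" an interface
// on a global object. The name "FileSaver" is an assumed interface name.
const PATTERNS = {
  in: (g, n) => n in g,                                   // 'FileSaver' in window
  typeof: (g, n) => typeof g[n] !== "undefined",          // typeof window.FileSaver
  ownProperty: (g, n) => Object.getOwnPropertyNames(g).includes(n),
  truthy: (g, n) => Boolean(g[n]),                        // if (window.FileSaver)
};

// Returns the names of the idioms that still detect the feature.
function detectingPatterns(globalObj, name = "FileSaver") {
  return Object.keys(PATTERNS).filter((p) => PATTERNS[p](globalObj, name));
}

// The pref-off state passes only when no idiom detects the interface.
function isFullyHidden(globalObj, name = "FileSaver") {
  return detectingPatterns(globalObj, name).length === 0;
}

// Constructed stand-ins for a window object in different "disabled" states.
function FakeSaver() {}
const SAMPLE_GLOBALS = {
  enabled: { FileSaver: FakeSaver },
  // Property left in place but set to undefined: 'in' checks still succeed.
  undefinedStub: { FileSaver: undefined },
  // Constructor left in place but throwing: every idiom still detects it.
  throwingStub: { FileSaver: function () { throw new Error("disabled"); } },
  // Removed from the object itself but still reachable via the prototype.
  inherited: Object.create({ FileSaver: FakeSaver }),
  // Interface object actually gone.
  removed: {},
};

// Summarise every sample state as { state: [idioms that still detect] }.
function report() {
  const out = {};
  for (const [state, g] of Object.entries(SAMPLE_GLOBALS)) {
    out[state] = detectingPatterns(g);
  }
  return out;
}

console.log(report());
```

In a real test the helper would be run against the content window with the disabling pref set, and the test would fail unless `isFullyHidden` returns true.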