Intent to Implement and Ship: Limit characters allowed in extensions in File System Access API file pickers


Marijn Kruisselbrink

Dec 2, 2020, 6:50:42 PM
to blink-dev, asu...@chromium.org

Contact emails

m...@chromium.org


Explainer

https://github.com/WICG/file-system-access/pull/252


Specification

https://github.com/WICG/file-system-access/pull/252


API spec

Yes


Summary

To improve security, the File System Access API's showOpenFilePicker and showSaveFilePicker will limit what characters are allowed in extensions for accepted file types.


Specifically only A-Z, a-z, 0-9, + and . will be allowed, extensions can't end in .local or .lnk, and can't be more than 16 characters long.



Blink component

Blink>Storage>FileSystem


TAG review

https://github.com/w3ctag/design-reviews/issues/580


TAG review status

Pending (but since this addresses a security issue we would like to ship this without blocking on getting TAG review completed. We will try to address any feedback we would get later).


Risks



Interoperability and Compatibility



Gecko: No signal (https://github.com/mozilla/standards-positions/issues/154) This modifies the File System Access API, for which Firefox hasn't yet expressed an official position.



WebKit: Negative (https://lists.webkit.org/pipermail/webkit-dev/2020-August/031362.html)


Web developers: No signals


Security

This is a mitigation for a potential security issue with the initially shipped feature.



Is this feature fully tested by web-platform-tests?

Yes


Link to entry on the Chrome Platform Status

https://www.chromestatus.com/feature/4768827940274176


Alex Russell

Dec 3, 2020, 3:33:10 PM
to blink-dev, Marijn Kruisselbrink, asu...@chromium.org
LGTM1

yo...@yoav.ws

Dec 3, 2020, 3:35:26 PM
to blink-dev, Marijn Kruisselbrink, asu...@chromium.org
It's not clear to me that this is web exposed. Is it?

Marijn Kruisselbrink

Dec 3, 2020, 3:38:50 PM
to yo...@yoav.ws, blink-dev, asu...@chromium.org
Calls such as showSaveFilePicker({types: [{accept: {'my/type': ['.db$']}}]}) (i.e. ones with extensions using characters we no longer allow) would previously work, but with this change will instead reject. So yes, this is web exposed.
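
The rules from the Summary, and the rejection of '.db$' described in the reply above, as an added JavaScript example that is not part of the thread and is not Chromium's code. The function names are hypothetical; that the 16-character limit counts the leading ".", that the .local/.lnk check ignores case, and that an empty extension is refused are assumptions.

```javascript
// Pre-flight check for the `types` option passed to showOpenFilePicker /
// showSaveFilePicker, following the rules stated in the Summary.
// Added illustration only; not the browser's implementation.

const ALLOWED_CHARS = /^[A-Za-z0-9+.]+$/;     // A-Z, a-z, 0-9, + and .
const MAX_LENGTH = 16;                        // assumption: includes the leading "."
const BLOCKED_SUFFIXES = ['.local', '.lnk'];  // assumption: compared case-insensitively

// Returns null when the extension is acceptable, otherwise a reason string.
function checkExtension(ext) {
  if (typeof ext !== 'string' || ext.length === 0) return 'empty';
  if (!ALLOWED_CHARS.test(ext)) return 'disallowed character';
  if (ext.length > MAX_LENGTH) return 'too long';
  const lower = ext.toLowerCase();
  if (BLOCKED_SUFFIXES.some((suffix) => lower.endsWith(suffix))) {
    return 'blocked suffix';
  }
  return null;
}

// Walks every accept entry and collects the extensions that would make the
// picker call reject, so a site can fix them before calling the API.
function checkPickerTypes(types) {
  const problems = [];
  for (const type of types ?? []) {
    for (const [mime, exts] of Object.entries(type.accept ?? {})) {
      // An accept value may be a single string or a list of strings.
      for (const ext of [].concat(exts)) {
        const reason = checkExtension(ext);
        if (reason !== null) problems.push({ mime, ext, reason });
      }
    }
  }
  return problems;
}

// Constructed sample input, including the '.db$' case from the thread.
const sampleTypes = [
  { accept: { 'my/type': ['.db$', '.db'] } },
  { accept: { 'application/x-shortcut': '.report.LNK' } },
];
console.log(checkPickerTypes(sampleTypes));
```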

Daniel Bratell

Dec 3, 2020, 3:41:15 PM
to Marijn Kruisselbrink, yo...@yoav.ws, blink-dev, asu...@chromium.org

LGTM1

/Daniel


Daniel Bratell

Dec 3, 2020, 3:43:45 PM
to Marijn Kruisselbrink, yo...@yoav.ws, blink-dev, asu...@chromium.org

Make that LGTM2 since Alex had already sent an LGTM1.

/Daniel

Yoav Weiss

Dec 4, 2020, 3:44:56 AM
to Daniel Bratell, Marijn Kruisselbrink, blink-dev, asu...@chromium.org