On
https://bugzil.la/1140171 we're encountering the problem where
DeviceStorage is refusing to save a filename with a double-quote
character to the VFAT-formatted sdcard. (This isn't surprising,
although it's surprising we went this far without encountering the
problem! Note that I can happily download and save the file on
b2g-desktop on linux because of the awesome power of ext4.)
Prior-spec art seems to be
http://www.w3.org/TR/FileAPI/#file-constructor which does specifying
that a normalization step should be performed on the name. (It says
replace all "/" characters with ":" characters. Since ":" is also
illegal on VFAT, we probably don't want that exactly.) The other file
APIs that I thought existed appear to have all been retracted.
Although it is quite feasible for the Gaia email app to perform a
filename normalization to VFAT, I thought it would be worth discussing
whether it would be advisable for DeviceStorage to automatically
normalize the filename to something legal. I believe callers have
already voided their warranty if they fail to look at the
evt.target.result they get back from addNamed and use that, so this
could work for existing consumers even.
Arguments in favor of having DeviceStorage do it would be:
- We might not be using VFAT in all cases. Other file-systems could
have different rules. (Maybe HFS+ is crazy?)
- It's unlikely all callers will think to test with filenames that are
illegal on VFAT, so not doing it in DeviceStorage is just helping
developers shoot themselves and their/our users in their feet.
- There can be other complications like MAX_PATH on Windows that might
require name truncation, especially since non-chrome JS code has no
chance of knowing the mount points/etc. in play.
- Non-security unicode issues where non-ASCII things don't work.
- Complicated hypothetical security/attack unicode issues like
http://en.wikipedia.org/wiki/IDN_homograph_attack.
In the event there are emerging standards that DeviceStorage will
converge to/etc., I think we should just do what they're doing and I'm
happy for people to point me at them.
Thanks,
Andrew