[whatwg] Canvas - toTempURL - A dangerous proposal
chuck at jumis.com
Fri Mar 27 17:55:39 PDT 2009
I asked myself the same question, a few minutes after posting my reply.
At this point, I'm really not sure.
My concern is that the string length for a URL may be limited,
somewhere in the platform.
If that's the case, a 1 meg data: url would overwhelm the
mechanism leading to the handler.
But as I've not tested the theory,
I don't have a leg to stand on.
Boris Zbarsky wrote:
> Charles Pritchard wrote:
>> Having thought a little more about it (thank you for the feedback),
>> returning a reference to a custom URL handler (up to the implementation)
>> would resolve the security issues.
>> toTempURL returning... customHandler://randomData.png [any kind of
>> would work in the legacy platforms we're targeting, while allowing us
>> the flexibility
>> of deciding just how to store the data (be it in RAM, or in an
>> unknown temporary file).
> I guess I'm not clear on one thing: you can add support for
> customHandler:// to this platform but not support for data: ?
More information about the whatwg