[whatwg] Canvas - toTempURL - A dangerous proposal

Charles Pritchard chuck at jumis.com
Fri Mar 27 17:55:39 PDT 2009


I asked myself the same question, a few minutes after posting my reply.
At this point, I'm really not sure.

My concern is that the string length for a URL may be limited,
somewhere in the platform.

If that's the case, a 1 meg data: url would overwhelm the
mechanism leading to the handler.

But as I've not tested the theory,
I don't have a leg to stand on.

-Charles

Boris Zbarsky wrote:
> Charles Pritchard wrote:
>> Having thought a little more about it (thank you for the feedback),
>> returning a reference to a custom URL handler (up to the implementation)
>> would resolve the security issues.
>>
>> toTempURL returning...  customHandler://randomData.png [any kind of 
>> reference],
>> would work in the legacy platforms we're targeting, while allowing us 
>> the flexibility
>> of deciding just how to store the data (be it in RAM, or in an 
>> unknown temporary file).
>
> I guess I'm not clear on one thing: you can add support for 
> customHandler:// to this platform but not support for data: ?
>
> -Boris




More information about the whatwg mailing list