Category: Network and Security

2012-06-26 17:03:38

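A couple of days ago I saw the news about the JavaScript API for working with local files.

Today I saw the W3C's first Draft of this API.

It defines many interfaces, which still have to be implemented by browsers.

The Security Considerations section mainly considers three issues: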

11. Security Considerations

This section is informative.

This specification allows web content to read files from the underlying file system, as well as provides a means for files to be accessed by unique identifiers, and as such is subject to some security considerations. This specification also assumes that the primary user interaction is with the  element of HTML forms [], and that all files that are being read by  objects have first been selected by the user. Important security considerations include preventing malicious file selection attacks (selection looping), preventing access to system-sensitive files, and guarding against modifications of files on disk after a selection has taken place.

  • Preventing selection looping. During file selection, a user may be bombarded with the file picker associated with  (in a "must choose" loop that forces selection before the file picker is dismissed) and a user agent may prevent file access to any selections by making the  object returned be of size 0.

  • System-sensitive files (e.g. files in /usr/bin, password files, other native operating system executables) typically should not be exposed to web content, and should not be accessed via . User agents MAY raise a  if such files are accessed or a  is called on them.

  • Post-selection file modifications occur when a file changes on disk after it has been selected. In such cases, if a  is called on a file, user agents MAY raise a .

Editorial note

This section is provisional; more security data may supplement this in subsequent drafts.


More security issues will be considered in the future; let's wait and see.


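In addition, today I once again updated

It mainly fixes the font problem; it also optimizes how the cache is used, improving performance once more. Beyond that, an RSS feed for the whole-site Planet has been added: if you only want to subscribe to one RSS feed rather than separate Chinese and international ones, you can now do so!

Note that the CSS expire time was previously set to 30 days, so to see the new secinn you need to delete your browser's local cache and refresh; otherwise the fonts you see may still be ugly.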

To my friends, I'll be on holiday next week; please write to me if anything happens. Thanks!