WebAPI/ProposedDeviceStorageAPIWithNotifications
This page contains a draft of the proposed modification to the DeviceStorage API to include onchanged notifications.
API
partial interface Navigator { /** * type is an arbitrary string. On OSs with predefined directories (pictures, * music, etc) we can match certain type names to certain folders. * To be figured out. * * Note that each value for the type represents a different directory. * I.e. passing "pictures" as type will yield a completely different set * of files from passing "movies" as the type. * * In other words, the type argument is not some sort of filter, but rather * simply a destination directory. */ DeviceStorage getDeviceStorage(DOMString type); }; interface DeviceStorage { // Name will be generated by the implementation and returned as result of request DOMRequest add(Blob blob); // Fails if a file with the given name already exists. DOMRequest addNamed(Blob blob, DOMString name); // Returns the result as a File object DOMRequest get(DOMString name); // Returns the result as a FileHandle object which enables writing DOMRequest getEditable(DOMString name); // Deletes a file DOMRequest delete(DOMString name); // Watches a file, or all files for updates // If name is specified, watches a file with that name // returns the DeviceStorageWatch for this request, through which future requests will be processed DeviceStorageWatch watchChanges(optional DOMString name); // See interface below for how to use this DeviceStorageCursor enumerate(optional DOMString directory) DeviceStorageCursor enumerateEditable(optional DOMString directory) }; interface DeviceStorageCursor : DOMRequest { // .result is either a File or a FileHandle void continue(); }; interface DeviceStorageWatch{ // this function is called whenever the file(s) addressed by the request are created, modified, or deleted void onChange(DOMString name, UpdateType type); // this function stops the watcher permanently void cancel(); }
The cursor API is somewhat different from the IndexedDB cursor in that it's a bit simpler. We might want to align more with IndexedDB just for the sake of consistency.
Questions
- Q: Why not use the W3C File System API? This API seems somewhat redundant with that part of the web platform.
Security/Privacy considerations
There are basically three different capabilities here:
- Ability to add new files. This can't cause any harm in and of itself apart from using system resources.
- Ability to read existing files. This isn't a security problem, but is a privacy problem.
- Ability to modify/delete existing files. This can destroy user data.
Ability to add new files isn't terribly sensitive, simply asking the user might be sufficient here.
Ability to read existing files is more sensitive. Note that we should integrate device storage with <input type=file> such that the user is able to select a file from device storage on all platforms. That should significantly reduce the need for pages to use this API.
We could possibly further reduce the need by granting pages/apps the right to read files that they have added. I.e. only when wanting to read other files would we need to apply security restrictions. Implementing this on desktop will be hard though since we would have to keep additional meta-data on files that are stored in the user's "pictures", etc folders. I'm inclined to defer this aspect for now.
Ability to modify/delete existing files is extremely sensitive. We likely wouldn't want a scenario where the user simply answers yes to a "Do you want to let this website modify your pictures folder" and then have all of their vacation photos from the past 10 years destroyed.