[Webkit-unassigned] [Bug 64580] Add support for download='filename' in anchors

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=64580





--- Comment #66 from Adam Barth <abarth at webkit.org>  2011-07-24 11:00:21 PST ---
> As discussed with Darin, checking for user gesture is insufficient, because a handler for a single unrelated gesture could download any number of files, which is exactly what need to be prevented.

I'm not sure why we're putting these anti-spam measures in WebCore.  It seems like they should be the responsibility of the embedder.  For example, Chrome already has embedder-side anti-spam measures for downloads.  Other embedders, in different scenarios, might well want to make other trade-offs w.r.t. download spam.

Perhaps the best approach is what we do with pop-ups: provide the embedder with a choice about whether to allow the download.  In this case, specifically, Chrome would choose to have WebCore always allow the download and have the higher level anti-spam measures for downloads kick in.  That approach has a number of advantages.  For example, if a page initiates a download via this API and via another API, the anti-spam algorithm sees both downloads and can take appropriate action.  For example, the algorithm might permit one of the downloads, block the other, and display some sort of UI explaining what happened to the user.

Given that this feature is implemented only on PLATFORM(CHROMIUM) in this patch, adding anti-spam now is not necessary and would add unused complexity.  It seems appropriate, then, to land this patch as-is and revisit the anti-spam question when another port is interested in implementing this API.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.