File API
W3C Last Call Working Draft 12 September 2013
- This Version:
- http://www.w3.org/TR/2013/WD-FileAPI-20130912/
- Latest Published Version:
- http://www.w3.org/TR/FileAPI/
- Latest Editor’s Draft:
- http://dev.w3.org/2006/webapi/FileAPI/
- Previous Version(s):
- http://www.w3.org/TR/2012/WD-FileAPI-20121025/
- Editors:
- Arun Ranganathan, Mozilla Corporation <arun@mozilla.com>
- Jonas Sicking, Mozilla Corporation <jonas@sicking.cc>
- Participate:
-
Send feedback to public-webapps@w3.org (archives), or file a bug (see existing bugs).
Copyright © 2013 W3C® (MIT, ERCIM, Keio, Beihang), All Rights Reserved. W3C liability, trademark and document use rules apply.
Abstract
This specification provides an API for representing file objects in web applications, as well as programmatically selecting them and accessing their data. This includes:
- A FileList interface, which represents an array of individually selected files from the underlying system. The user interface for selection can be invoked via
<input type="file">, i.e. when theinputelement is in theFile Uploadstate [HTML] . - A Blob interface, which represents immutable raw binary data, and allows access to ranges of bytes within the
Blobobject as a separate Blob. - A File interface, which includes readonly informational attributes about a file such as its name and the date of the last modification (on disk) of the file.
- A FileReader interface, which provides methods to read a File or a Blob, and an event model to obtain the results of these reads.
- A URL scheme for use with binary data such as files, so that they can be referenced within web applications.
Additionally, this specification defines objects to be used within threaded web applications for the synchronous reading of files.
The section on Requirements and Use Cases [REQ] covers the motivation behind this specification.
This API is designed to be used in conjunction with other APIs and elements on the web platform, notably: XMLHttpRequest (e.g. with an overloaded send() method for File or Blob objects), postMessage, DataTransfer (part of the drag and drop API defined in [HTML,]) and Web Workers. Additionally, it should be possible to programmatically obtain a list of files from the input element when it is in the File Upload state[HTML]. These kinds of behaviors are defined in the appropriate affiliated specifications.
Status of this Document
This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.
This document is the 12 September 2013 Last Call Working Draft of the File API specification. Please send comments about this document to public-webapps@w3.org(archived).
Previous discussion of this specification has taken place on two other mailing lists: public-webapps@w3.org (archive) and public-webapi@w3.org (archive). Ongoing discussion will be on the public-webapps@w3.org mailing list.
This document is produced by the Web Applications WG in the W3C Interaction Domain.
Publication as a Last Call Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.
This draft is a Last Call Working Draft. Please send comments to the public-webapps@w3.org as described above. The deadline for comments is six weeks after the date of publication in the header: 24 October 2013.
Table of Contents
- 1. Introduction
- 2. Conformance
- 3. Dependencies
- 4. Terminology and Algorithms
- 5. The FileList Interface
- 6. The Blob Interface
- 7. The File Interface
- 8. The FileReader Interface
- 8.1. The FileReader Task Source
- 8.2. Constructors
- 8.3. Event Handler Attributes
- 8.4. FileReader States
- 8.5. Reading a File or Blob
- 9. Reading on Threads
- 10. Errors and Exceptions
- 11. A URL for Blob and File reference
- 12. Security Considerations
- 13. Requirements and Use Cases
- 14. Appendix A
- 15. Acknowledgements
- 16. References
1. Introduction
This section is informative.
Web applications should have the ability to manipulate as wide as possible a range of user input, including files that a user may wish to upload to a remote server or manipulate inside a rich web application. This specification defines the basic representations for files, lists of files, errors raised by access to files, and programmatic ways to read files. Additionally, this specification also defines an interface that represents "raw data" which can be asynchronously processed on the main thread of conforming user agents. The interfaces and API defined in this specification can be used with other interfaces and APIs exposed to the web platform.
The File interface represents file data typically obtained from the underlying file system, and the Blob interface ("Binary Large Object" - a name originally introduced to web APIs in Google Gears) represents immutable raw data. File or Blob reads should happen asynchronously on the main thread, with an optional synchronous API used within threaded web applications. An asynchronous API for reading files prevents blocking and UI "freezing" on a user agent's main thread. This specification defines an asynchronous API based on an event model to read and access a File or Blob's data. A FileReader object provides asynchronous read methods to access that file's data through event handler attributes and the firing of events. The use of events and event handlers allows separate code blocks the ability to monitor the progress of the read (which is particularly useful for remote drives or mounted drives, where file access performance may vary from local drives) and error conditions that may arise during reading of a file. An example will be illustrative.
In the example below, different code blocks handle progress, error, and success conditions.
function startRead() {
// obtain input element through DOM
var file = document.getElementById('file').files[0];
if(file){
getAsText(file);
}
}
function getAsText(readFile) {
var reader = new FileReader();
// Read file into memory as UTF-16
reader.readAsText(readFile, "UTF-16");
// Handle progress, success, and errors
reader.onprogress = updateProgress;
reader.onload = loaded;
reader.onerror = errorHandler;
}
function updateProgress(evt) {
if (evt.lengthComputable) {
// evt.loaded and evt.total are ProgressEvent properties
var loaded = (evt.loaded / evt.total);
if (loaded < 1) {
// Increase the prog bar length
// style.width = (loaded * 200) + "px";
}
}
}
function loaded(evt) {
// Obtain the read file data
var fileString = evt.target.result;
// Handle UTF-16 file dump
if(utils.regexp.isChinese(fileString)) {
//Chinese Characters + Name validation
}
else {
// run other charset test
}
// xhr.send(fileString)
}
function errorHandler(evt) {
if(evt.target.error.name == "NotReadableError") {
// The file could not be read
}
}
1.1 Model
A Blob object provides asynchronous access to a byte sequence, making the bytes available for use within web applications through the FileReader object; it has a sizeattribute, representing the total number of bytes that constitute the byte sequence, and a type attribute, which is an ASCII-encoded string in lower case. When converted to a byte sequence, the type is said to be a parsable MIME type if the parse a MIME type algorithm does not return undefined [MIMESNIFF]. The Blob's typeis also used to generate a Content-Type header when using blob: URLs.
A File object is a Blob object with a name attribute, which is a UTF-16 string representing the file's name within the underlying file system or at time of creation with a constructor invoked from within a web application. Access to the byte sequence of the File is through the FileReader object.
2. Conformance
Everything in this specification is normative except for examples and sections marked as being informative.
The keywords “must”, “must not”, “required”, “shall”, “shall not”, “recommended”, “may” and “optional” in this document are to be interpreted as described in Key words for use in RFCs to Indicate Requirement Levels [RFC2119].
The following conformance classes are defined by this specification:
- conforming user agent
-
A user agent is considered to be a conforming user agent if it satisfies all of the must-, required- and shall-level criteria in this specification that apply to implementations. This specification uses both the terms "conforming user agent" and "user agent" to refer to this product class.
User agents may implement algorithms in this specifications in any way desired, so long as the end result is indistinguishable from the result that would be obtained from the specification's algorithms.
User agents that use ECMAScript to implement the APIs defined in this specification must implement them in a manner consistent with the ECMAScript Bindings defined in the Web IDL specification [WEBIDL] as this specification uses that specification and terminology.
3. Dependencies
This specification relies on underlying specifications.
- DOM
-
A conforming user agent must support at least the subset of the functionality defined in DOM4 that this specification relies upon; in particular, it must support
EventTarget. [DOM4] - Progress Events
-
A conforming user agent must support the Progress Events specification. Data access on read operations is enabled via Progress Events.[ProgressEvents]
- HTML
-
A conforming user agent must support at least the subset of the functionality defined in HTML that this specification relies upon; in particular, it must supportevent loops and event handler attributes. [HTML]
- Web IDL
-
A conforming user agent must also be a conforming implementation of the IDL fragments in this specification, as described in the Web IDL specification. [WebIDL]
- Typed Arrays
-
A conforming user agent must support the Typed Arrays specification [TypedArrays].
Parts of this specification rely on the Web Workers specification; for those parts of this specification, the Web Workers specification is a normative dependency. [Workers]
4. Terminology and Algorithms
The terms and algorithms <fragment>, <scheme>, document, unloading document cleanup steps, event handler attributes, event handler event type, origin, same origin,event loops, task, task source, URL, global script cleanup jobs list, global script cleanup, queue a task, neuter, UTF-8, UTF-16. structured clone, collect a sequence of characters and converting a string to ASCII lowercase are as defined by the HTML specification [HTML].
When this specification says to terminate an algorithm the user agent must terminate the algorithm after finishing the step it is on. Asynchronous read methods defined in this specification may return before the algorithm in question is terminated, and can be terminated by an abort() call.
The term throw in this specification, as it pertains to exceptions, is used as defined in the DOM4 specification [DOM4].
The algorithms and steps in this specification use the following mathematical operations:
max(a,b) returns the maximum of a and b, and is always performed on integers as they are defined in WebIDL [WebIDL]; in the case of max(6,4) the result is 6. This operation is also defined in ECMAScript [ECMA-262].
min(a,b) returns the minimum of a and b, and is always performed on integers as they are defined in WebIDL [WebIDL]; in the case of min(6,4) the result is 4. This operation is also defined in ECMAScript [ECMA-262].
Mathematical comparisons such as < (less than), ≤ (less than or equal to) and > (greater than) are as in ECMAScript [ECMA-262].
5. The FileList Interface
This interface is a list of File objects.
Sample usage typically involves DOM access to the <input type="file"> element within a form, and then accessing selected files.
// uploadData is a form element
// fileChooser is input element of type 'file'
var file = document.forms['uploadData']['fileChooser'].files[0];
// alternative syntax can be
// var file = document.forms['uploadData']['fileChooser'].files.item(0);
if(file)
{
// Perform file ops
}
5.1. Attributes
-
length -
must return the number of files in the
FileListobject. If there are no files, this attribute must return 0.
5.2. Methods and Parameters
-
item(index) -
must return the indexth
Fileobject in theFileList. If there is no indexthFileobject in theFileList, then this method must returnnull.indexmust be treated by user agents as value for the position of aFileobject in theFileList, with 0 representing the first file. Supported property indices[WebIDL] are the numbers in the range zero to one less than the number ofFileobjects represented by theFileListobject. If there are no suchFileobjects, then there are no supported property indices [WebIDL].
6. The Blob Interface
This interface represents immutable raw data. It provides a method to slice data objects between ranges of bytes into further chunks of raw data. It also provides an attribute representing the size of the chunk of data. The File interface inherits from this interface.
[Constructor,
Constructor(sequence<(ArrayBuffer or ArrayBufferView or Blob or DOMString)> blobParts, optional BlobPropertyBag options)]
interface Blob {
readonly attribute unsigned long long size;
readonly attribute DOMString type;
//slice Blob into byte-ranged chunks
Blob slice(optional [Clamp] long long start,
optional [Clamp] long long end,
optional DOMString contentType);
void close();
};
dictionary BlobPropertyBag {
DOMString type = "";
};
6.1. Constructors
The Blob() constructor can be invoked with zero or more parameters. When the Blob() constructor is invoked, user agents must run the following Blob constructor steps:
If invoked with zero parameters, return a new
Blobobject consisting of 0 bytes, withsizeset to 0, and withtypeset to the empty string.Otherwise, the constructor is invoked with a
blobPartssequence. Let a be that sequence.Let bytes be an empty sequence of bytes.
Let length be a's length. For 0 ≤ i < length, repeat the following steps:
Let element be the ith element of a.
If element is a
DOMString, run the following substeps:If element is an
ArrayBufferView[TypedArrays], convert it to a sequence ofbyteLengthbytes from the underlyingArrayBuffer, starting at thebyteOffsetof theArrayBufferView[TypedArrays], and append those bytes to bytes.If element is an
ArrayBuffer[TypedArrays], convert it to a sequence ofbyteLengthbytes, and append those bytes to bytes.If element is a
Blob, append the bytes it represents to bytes. Thetypeof theBlobarray element is ignored.
If the
typemember of the optionaloptionsargument is provided and is not the empty string, run the following sub-steps:- Let t be the
typedictionary member. If t contains any characters outside the range U+0020 to U+007E, then set t to the empty string and return from these substeps. - Convert every character in t to lowercase using the "converting a string to ASCII lowercase" algorithm [WebIDL].
- Let t be the
Return a
Blobobject consisting of bytes, with itssizeset to the length of bytes, and itstypeset to the value of t from the substeps above.NoteThe type t of a
Blobis considered a parsable MIME type if the ASCII-encoded string representing the Blob object's type, when converted to a byte sequence, does not return undefined for the parse MIME type algorithm [MIMESNIFF].
6.1.1. Constructor Parameters
The Blob() constructor can be invoked with the parameters below:
-
A
blobPartssequence -
which takes any number of the following types of elements, and in any order:
ArrayBuffer[TypedArrays] elements.ArrayBufferView[TypedArrays] elements.Blobelements.DOMString[WebIDL] elements.
-
An
optional
BlobPropertyBag -
which takes one member:
type, the ASCII-encoded string in lower case representing the media type of theBlob. Normative conditions for this member are provided in the Blob constructor steps.
Examples of constructor usage follow.
// Create a new Blob object
var a = new Blob();
// Create a 1024-byte ArrayBuffer
// buffer could also come from reading a File
var buffer = new ArrayBuffer(1024);
// Create ArrayBufferView objects based on buffer
var shorts = new Uint16Array(buffer, 512, 128);
var bytes = new Uint8Array(buffer, shorts.byteOffset + shorts.byteLength);
var b = new Blob(["foobarbazetcetc" + "birdiebirdieboo"], {type: "text/plain;charset=UTF-8"});
var c = new Blob([b, shorts]);
var a = new Blob([b, c, bytes]);
var d = new Blob([buffer, b, c, bytes]);
6.2. Snapshot State
Each Blob must have a snapshot state, which must be initially set to the state of the underlying storage, if any such underlying storage exists. The snapshot state must be preserved through structured clone. If, at the time of processing any read method on the Blob, the state of the underlying storage containing the Blob is not equal tosnapshot state, the read must fail with a NotReadableError.
Snapshot state is a conceptual marker most useful for File objects backed by on-disk resources.
6.3. Attributes
-
size -
Returns the size of the
Blobobject in bytes. On getting, conforming user agents must return the total number of bytes that can be read by aFileReaderorFileReaderSyncobject, or 0 if the Blob has no bytes to be read. If theBlobhas been neutered withclosecalled on it, thensizemust return 0. -
type -
The ASCII-encoded string in lower case representing the media type of the
Blob. ForFileobjects that are returned from the underlying file system, user agents must return the type of aBlobas an ASCII-encoded string in lower case, such that when it is converted to a corresponding byte sequence, it is a parsable MIME type [MIMESNIFF], or the empty string -- 0 bytes -- if the type cannot be determined. When theBlobis of typetext/plainuser agents must NOT append a charset parameter to the dictionary of parameters portion of the media type [MIMESNIFF]. User agents must not attempt heuristic determination of encoding, including statistical methods. Further normative conditions for this attribute can be found in the Blob constructor steps and in the slice method algorithm, where this attribute can be set with theBlobconstructor or aslicemethod call.
Use of the type attribute informs the encoding determination and parsing the Content-Type header when dereferencing blob: URLs.
6.4. Methods and Parameters
6.4.1. The slice method
The slice method returns a new Blob object with bytes ranging from the optional start parameter upto but not including the optional end parameter, and with a typeattribute that is the value of the optional contentType parameter. It must act as follows :
Let O be the
Blobobject on which theslicemethod is being called.The optional
startparameter is a value for the start point of aslicecall, and must be treated as a byte-order position, with the zeroth position representing the first byte. User agents must processslicewithstartnormalized according to the following:If the optional
startparameter is not used as a parameter when making this call, let relativeStart be 0.If
startis negative, let relativeStart be max((size+start), 0)).Else, let relativeStart be min(start, size).
The optional
endparameter is a value for the end point of aslicecall. User agents must processslicewithendnormalized according to the following:If the optional
endparameter is not used as a parameter when making this call, let relativeEnd besize.If
endis negative, let relativeEnd be max((size + end), 0)Else, let relativeEnd be min(end, size)
The optional
contentTypeparameter is used to set the ASCII-encoded string in lower case representing the media type of the Blob. User agents must process theslicewithcontentTypenormalized according to the following:If the
contentTypeparameter is not provided, let relativeContentType be set to the empty string .Else let relativeContentType be set to
contentTypeand run the substeps below:- If relativeContentType contains any characters outside the range of U+0020 to U+007E, then set relativeContentType to the empty string and return from these substeps.
- Convert every character in relativeContentType to lower case using the "Converting a string to ASCII lowercase" algorithm.
Let span be max((relativeEnd - relativeStart), 0).
Return a new
Blobobject S with the following characteristics:S consists of span consecutive bytes from O, beginning with the byte at byte-order position relativeStart.
S.
size= span.S.
type= relativeContentType.NoteThe type t of a
Blobis considered a parsable MIME type if the ASCII-encoded string representing the Blob object's type, when converted to a byte sequence, does not return undefined for the parse MIME type algorithm [MIMESNIFF].Let the snapshot state of S be set to the snapshot state of O.
The examples below illustrate the different types of slice calls possible. Since the File interface inherits from the Blob interface, examples are based on the use of the File interface.
// obtain input element through DOM
var file = document.getElementById('file').files[0];
if(file)
{
// create an identical copy of file
// the two calls below are equivalent
var fileClone = file.slice();
var fileClone2 = file.slice(0, file.size);
// slice file into 1/2 chunk starting at middle of file
// Note the use of negative number
var fileChunkFromEnd = file.slice(-(Math.round(file.size/2)));
// slice file into 1/2 chunk starting at beginning of file
var fileChunkFromStart = file.slice(0, Math.round(file.size/2));
// slice file from beginning till 150 bytes before end
var fileNoMetadata = file.slice(0, -150, "application/experimental");
}
6.4.2. The close method
Calling the close method must permanently neuter the original Blob object. This is an irreversible and non-idempotent operation; once a Blob has been neutered, it cannot be used again; dereferencing a Blob URL bound to a Blob object on which close has been called results in a network error. A neutered Blob must have a size of 0.
Calling close must not affect an ongoing read operation via any asynchronous read methods . Calling close must not affect any Blob objects created by a slice call on the Blob object on which close has been called. While Blob objects can be neutered via a call to close, they are not Transferable [HTML]. They are immutable, and thus invalidating them on the sending side is not useful; implementations can share Blob data between two threads without needing invalidation.
7. The File Interface
This interface describes a single file in a FileList and exposes its name. It inherits from Blob.
[Constructor(Blob fileBits, [EnsureUTF16] DOMString fileName)]
interface File : Blob {
readonly attribute DOMString name;
readonly attribute Date lastModifiedDate;
};
7.1 File Constructor
The File constructor is invoked with a Blob argument, and a DOMString argument and must return a new File object F with the following properties:
F.sizeis the same as thesizeof the fileBitsBlobargument, which must be the immutable raw data of F.F.nameis set as follows:Let N be a new string of the same size as the
fileNameargument to the constructor. Copy every character fromfileNameto N, replacing any "/" character (U+002F SOLIDUS) with a ":" (U+003A COLON).Set F.name to N.
If the
fileBitsargument has atype, thenF.type=fileBits.type.User agents must initially set
F.lastModifiedDateto the time of object creation.
7.2. Attributes
-
name -
The name of the file; on getting, this must return the name of the file as a string. There are numerous file name variations on different systems; this is merely the name of the file, without path information. On getting, if user agents cannot make this information available, they must return the empty string.
-
lastModifiedDate -
The last modified date of the file. On getting, if user agents can make this information available, this must return a new
Date[HTML] object initialized to the last modified date of the file. If the last modification date and time are not known, the attribute must return the current date and time as aDateobject.
The File interface is available on objects that expose an attribute of type FileList; these objects are defined in HTML [HTML]. The File interface, which inherits from Blob, is immutable, and thus represents file data that can be read into memory at the time a read operation is initiated. User agents must process reads on files that no longer exist at the time of read as errors, throwing a NotFoundError exception if using a FileReaderSync on a Web Worker [Workers] or firing an error event with the errorattribute returning a NotFoundError DOMError.
8. The FileReader Interface
This interface provides methods to read File objects or Blob objects into memory, and to access the data from those Files or Blobs using progress events and event handler attributes; it inherits from EventTarget [DOM4]. It is desirable to read data from file systems asynchronously in the main thread of user agents. This interface provides such an asynchronous API, and is specified to be used with the global object (Window [HTML]).
[Constructor]
interface FileReader: EventTarget {
// async read methods
void readAsArrayBuffer(Blob blob);
void readAsText(Blob blob, optional DOMString label);
void readAsDataURL(Blob blob);
void abort();
// states
const unsigned short EMPTY = 0;
const unsigned short LOADING = 1;
const unsigned short DONE = 2;
readonly attribute unsigned short readyState;
// File or Blob data
readonly attribute (DOMString or ArrayBuffer)? result;
readonly attribute DOMError? error;
// event handler attributes
attribute EventHandler onloadstart;
attribute EventHandler onprogress;
attribute EventHandler onload;
attribute EventHandler onabort;
attribute EventHandler onerror;
attribute EventHandler onloadend;
};
8.1. The FileReader Task Source
The FileReader interface enables asynchronous reads on individual Blob objects by firing progress events as the read occurs. Unless stated otherwise, the task source that is used in this specification is the FileReader. This task source is used for events that are asynchronously fired, and for event tasks that are queued for firing, and for theread methods, which queue tasks to update the result.
8.2. Constructors
When the FileReader() constructor is invoked, the user agent must return a new FileReader object.
In environments where the global object is represented by a Window or a WorkerGlobalScope object, the FileReader constructor must be available.
8.3. Event Handler Attributes
The following are the event handler attributes (and their corresponding event handler event types) that user agents must support on FileReader as DOM attributes:
8.4. FileReader States
The FileReader object can be in one of 3 states. The readyState attribute, on getting, must return the current state, which must be one of the following values:
-
EMPTY(numeric value 0) -
The
FileReaderobject has been constructed, and there are no pending reads. None of the read methods have been called. This is the default state of a newly mintedFileReaderobject, until one of the read methods have been called on it. -
LOADING(numeric value 1) -
A
FileorBlobis being read. One of the read methods is being processed, and no error has occurred during the read. -
DONE(numeric value 2) -
The entire
FileorBlobhas been read into memory, OR a file error occurred during read, OR the read was aborted usingabort(). TheFileReaderis no longer reading aFileorBlob. IfreadyStateis set toDONEit means at least one of the read methods have been called on thisFileReader.
8.5. Reading a File or Blob
8.5.1. Multiple Reads
The FileReader interface makes available three asynchronous read methods - readAsArrayBuffer, readAsText, and readAsDataURL, which read files into memory. If multiple concurrent read methods are called on the same FileReader object, user agents must throw an InvalidStateError [DOM4] on any of the read methods that occur whenreadyState = LOADING.
8.5.2. The result attribute
On getting, the result attribute returns a Blob's data as a DOMString, or as an ArrayBuffer [TypedArrays], or null, depending on the read method that has been called on theFileReader, and any errors that may have occurred. The list below is normative for the result attribute and is the conformance criteria for this attribute:
On getting, if the
readyStateisEMPTY(no read method has been called) then theresultattribute must returnnull.On getting, if an error in reading the
FileorBlobhas occurred (using any read method), then theresultattribute must returnnull.On getting, if the
readAsDataURLread method is used, theresultattribute must return aDOMStringthat is a Data URL [DataURL] encoding of theFileorBlob's data.On getting, if the
readAsTextread method is called and no error in reading theFileorBlobhas occurred, then theresultattribute must return a string representing theFileorBlob's data as a text string, and should decode the string into memory in the format specified by the encoding determination as aDOMString.On getting, if the
readAsArrayBufferread method is called and no error in reading theFileorBlobhas occurred, then theresultattribute must return anArrayBuffer[TypedArrays] object.
If a read is successful, the result attribute must return a non-null value only after a progress event (see also [ProgressEvents]) has fired, since all the read methodsaccess Blob data asynchronously. Tasks are queued to update the result attribute as Blob data is made available.
8.5.3. The readAsDataURL(blob) method
When the readAsDataURL(blob) method is called, the user agent must run the steps below (unless otherwise indicated).
If
readyState=LOADINGthrow anInvalidStateErrorexception [DOM4] and terminate this algorithm.Note: The
readAsDataURL()method returns due to the algorithm being terminated.If the
blobhas been neutered through theclosemethod, throw anInvalidStateErrorexception [DOM4] and terminate this algorithm.Note: The
readAsDataURL()method returns due to the algorithm being terminated.If an error occurs during reading of the
blobparameter setreadyStatetoDONEand setresulttonull. Proceed to the error steps.If no error has occurred, set
readyStatetoLOADINGFire a progress event called
loadstart.Return the
readAsDataURL()method, but continue to process the steps in this algorithm.When the
blobhas been fully read into memory queue a task to do the following:Set
readyStatetoDONE.Set the
resultattribute with theblobas a DataURL [DataURL] after it has been fully read into memory; on getting, theresultattribute returns the (complete) data ofblobas a Data URL [DataURL].Use the
blob'stypeattribute as part of the Data URL if it is available in keeping with the Data URL specification [DataURL].If the
typeattribute is not available on theblobreturn a Data URL without a media-type. [DataURL].Data URLs that do not have media-types [RFC2046] must be treated as plain text by conforming user agents. [DataURL].
- Fire a progress event called
load. - Unless
readyStateisLOADINGfire a progress event calledloadend. IfreadyStateisLOADINGdo NOT fireloadend.
8.5.4. The readAsText(blob, label) method
The readAsText() method can be called with an optional parameter, label, which is a DOMString argument that represents the label of an encoding [Encoding Specification]; if provided, it must be used as part of the encoding determination used when processing this method call.
When the readAsText(blob, label) method is called (the label argument is optional), the user agent must run the steps below (unless otherwise indicated).
If
readyState=LOADINGthrow anInvalidStateError[DOM4] and terminate these steps.Note: The
readAsText()method returns due to the algorithm being terminated.If the
blobhas been neutered through theclosemethod, throw anInvalidStateErrorexception [DOM4] and terminate this algorithm.Note: The
readAsText()method returns due to the algorithm being terminated.If an error occurs during reading the
blobparameter, setreadyStatetoDONEand setresulttonull. Proceed to the error steps.If no error has occurred, set
readyStatetoLOADINGFire a progress event called
loadstart.Return the
readAsText()method, but continue to process the steps in this algorithmWhen the
blobhas been read into memory fully, queue a task to do the following:Set
readyStatetoDONESet the
resultattribute to the fully readblob, represented as a string in a format determined by the encoding determination.- Fire a progress event called
load. - Unless
readyStateisLOADINGfire a progress event calledloadend. IfreadyStateisLOADINGdo NOT fireloadend.
8.5.5. The readAsArrayBuffer(blob) method
When the readAsArrayBuffer(blob) method is called, the user agent must run the steps below (unless otherwise indicated).
If
readyState=LOADINGthrow anInvalidStateErrorexception [DOM4] and terminate these steps.Note: The
readAsArrayBuffer()method returns due to the algorithm being terminated.If the
blobhas been neutered through theclosemethod, throw anInvalidStateErrorexception [DOM4] and terminate this algorithm.Note: The
readAsArrayBuffer()method returns due to the algorithm being terminated.If an error occurs during reading the
blobparameter, setreadyStatetoDONEand setresulttonull. Proceed to the error steps.If no error has occurred, set
readyStatetoLOADINGFire a progress event called
loadstart.Return the
readAsArrayBuffer()method, but continue to process the steps in this algorithm.When the
blobhas been read into memory fully, queue a task to do the following:Set
readyStatetoDONESet the
resultattribute to the value of the fully readblobas anArrayBuffer[TypedArrays] object.Fire a progress event called
load.Unless
readyStateisLOADINGfire a progress event calledloadend. IfreadyStateisLOADINGdo NOT fireloadend.
8.5.6. Error Steps
Fire a progress event called
error. Set theerrorattribute; on getting, theerrorattribute must be a aDOMErrorobject that indicates the kind of file error that has occurred.Unless
readyStateisLOADING, fire a progress event calledloadend. IfreadyStateisLOADINGdo NOT fireloadend.Terminate the algorithm for any read method.
Note: The read method returns due to the algorithm being terminated.
8.5.7. The abort() method
When the abort() method is called, the user agent must run the steps below:
If
readyState=EMPTYor ifreadyState=DONEsetresulttonulland terminate this overall set of steps without doing anything else.If
readyState=LOADINGsetreadyStatetoDONEandresulttonull.If there are any tasks from the object's
FileReadertask source in one of the task queues, then remove those tasks.Terminate the algorithm for the read method being processed.
Fire a progress event called
abortUnless
readyStateisLOADINGfire a progress event calledloadend. IfreadyStateisLOADINGdo NOT fireloadend.
8.5.8. Blob Parameters
The three asynchronous read methods, the three synchronous read methods, and createObjectURL take a mandatory Blob parameter. This section defines this parameter.
8.5.9. Determining Encoding
When reading blob objects using the readAsText() read method, the following encoding determination steps must be followed:
Let encoding be null
If the
labelargument is present, set encoding to the result of "getting an encoding" using the Encoding Specification [Encoding Specification] forlabel.If the "getting an encoding" steps above return failure, then set encoding to null.
If encoding is null, and the
blobargument'stypeattribute is present, and it uses a Charset Parameter [RFC2046], set encoding to the result of "getting an encoding" using the Encoding Specification [Encoding Specification] for the portion of the Charset Parameter that is a label of an encoding.If the "getting an encoding" steps above return failure, then set encoding to null.
If encoding is null, then set encoding to utf-8.
"Decode" [Encoding Specification] this
blobusing fallback encoding encoding, and return the result. On getting, theresultattribute of theFileReaderobject returns a string in encoding format. The synchronousreadAsTextmethod of theFileReaderSyncobject returns a string in encoding format.
8.5.10. Events
When this specification says to make progress notifications for a read method while the read method is processing, queue a task to fire a progress event called progressat the FileReader object about every 50ms or for every byte read into memory, whichever is least frequent. At least one event called progress must fire before load is fired, and at 100% completion of the read operation; if 100% of blob can be read into memory in less than 50ms, user agents must fire a progress event called progress at completion.
If a given implementation uses buffers of size 65536 bytes to read files, and thus limits reading operations to that size, and a read method is called on a file that is 65537 bytes, then that implementation must fire one progress event for the 65536 first bytes, one progress event for the 65537th byte (which is at completion of read), one load event and one loadend event.
When this specification says to fire a progress event called e (for some ProgressEvent e at a FileReader reader), the following are normative:
The progress event
edoes not bubble.e.bubblesmust be false [DOM4]The progress event
eis NOT cancelable.e.cancelablemust be false [DOM4]The term "fire an event" is defined in DOM Core [DOM4]. Progress Events are defined in Progress Events [ProgressEvents].
8.5.10.1. Event Summary
The following are the events that are fired at FileReader objects; firing events is defined in DOM Core [DOM4].
| Event name | Interface | Fired when… |
|---|---|---|
loadstart |
ProgressEvent |
When the read starts. |
progress |
ProgressEvent |
While reading (and decoding) blob |
abort |
ProgressEvent |
When the read has been aborted. For instance, by invoking the abort() method. |
error |
ProgressEvent |
When the read has failed (see errors). |
load |
ProgressEvent |
When the read has successfully completed. |
loadend |
ProgressEvent |
When the request has completed (either in success or failure). |
8.5.10.2. Summary of Event Invariants
This section is informative. The following are invariants applicable to event firing for a given asynchronous read method in this specification:
Once a
loadstarthas been fired, a correspondingloadendfires at completion of the read, EXCEPT ifthe read method has been cancelled using
abort()and a new read method has been invoked;the event handler function for a
loadevent initiates a new read;the event handler function for a
errorevent initiates a new read.
ExampleThis example showcases "read-chaining" namely initiating another read from within an event handler while the "first" read continues processing.
ECMAScript// In code of the sort... reader.readAsText(file); reader.onload = function(){reader.readAsText(alternateFile);} ..... //... the loadend event must not fire for the first read reader.readAsText(file); reader.abort(); reader.onabort = function(){reader.readAsText(updatedFile);} //... the loadend event must not fire for the first readOne
progressevent will fire whenblobhas been completely read into memory.No
progressevent fires after any one ofabort,load, anderrorhave fired. At most one ofabort,load, anderrorfire for a given read.
9. Reading on Threads
Web Workers allow for the use of synchronous File or Blob read APIs, since such reads on threads do not block the main thread. This section defines a synchronous API, which can be used within Workers [Web Workers]. Workers can avail of both the asynchronous API (the FileReader object) and the synchronous API (the FileReaderSyncobject).
9.1. The FileReaderSync Interface
This interface provides methods to synchronously read File or Blob objects into memory.
[Constructor]
interface FileReaderSync {
// Synchronously return strings
ArrayBuffer readAsArrayBuffer(Blob blob);
DOMString readAsText(Blob blob, optional DOMString label);
DOMString readAsDataURL(Blob blob);
};
9.1.1. Constructors
When the FileReaderSync() constructor is invoked, the user agent must return a new FileReaderSync object.
In environments where the global object is represented by a WorkerGlobalScope object, the FileReaderSync constructor must be available.
10.1.2. The readAsText method
When the readAsText(blob, label) method is called (the label argument is optional), the following steps must be followed:
If an error occurs during reading of the
blobparameter, throw the appropriate exception. Terminate these overall steps.If no error has occurred, read
blobinto memory. Return the data contents ofblobusing the encoding determination algorithm.
9.1.3. The readAsDataURL method
When the readAsDataURL(blob) method is called, the following steps must be followed:
If an error occurs during reading of the
blobparameter, throw the appropriate exception. Terminate these overall steps.If no error has occurred, read
blobinto memory. Return the data contents ofblobas a Data URL [DataURL]- Use the
blob'stypeattribute as part of the Data URL if it is available in keeping with the Data URL specification [DataURL] . - If the
typeattribute is not available on theblobreturn a Data URL without a media-type. [DataURL].Data URLs that do not have media-types [RFC2046] must be treated as plain text by conforming user agents. [DataURL].
- Use the
9.1.4. The readAsArrayBuffer method
When the readAsArrayBuffer(blob) method is called, the following steps must be followed:
If an error occurs during reading the
blobparameter, throw the appropriate exception. Terminate these overall steps.If no error has occurred, read
blobinto memory. Return the data contents ofblobas anArrayBuffer[TypedArrays]
10. Errors and Exceptions
Error conditions can occur when reading files from the underlying filesystem. The list below of potential error conditions is informative.
The
FileorBlobbeing accessed may not exist at the time one of the asynchronous read methods or synchronous read methods are called. This may be due to it having been moved or deleted after a reference to it was acquired (e.g. concurrent modification with another application). SeeNotFoundErrorA
FileorBlobmay be unreadable. This may be due to permission problems that occur after a reference to aFileorBlobhas been acquired (e.g. concurrent lock with another application). Additionally, the snapshot state may have changed. SeeNotReadableErrorUser agents MAY determine that some files are unsafe for use within Web applications. A file may change on disk since the original file selection, thus resulting in an invalid read. Additionally, some file and directory structures may be considered restricted by the underlying filesystem; attempts to read from them may be considered a security violation. See the security considerations. See
SecurityError
10.1. Throwing an Exception or Returning an Error
This section is normative. Error conditions can arise when reading a file.
Synchronous read methods throw exceptions of the type in the table below if there has been an error with reading.
The error attribute of the FileReader object must return a DOMError object [DOM4] of the most appropriate type from the table below if there has been an error, and otherwise returns null.
11. A URL for Blob and File reference
This section defines a scheme for a URL used to refer to Blob objects (and File objects).
11.1. Requirements for a New Scheme
This specification defines a scheme with URLs of the sort: blob:550e8400-e29b-41d4-a716-446655440000#aboutABBA. This section provides some requirements and is an informative discussion.
This scheme should be able to be used with web APIs such as
XMLHttpRequest[XHR], and with elements that are designed to be used with HTTP URLs, such as theimgelement [HTML]. In general, this scheme should be designed to be used wherever URLs can be used on the web.This scheme should have defined response codes, so that web applications can respond to scenarios where the resource is not found, or raises an error, etc.
This scheme should have an origin policy and a lifetime stipulation, to allow safe access to binary data from web applications.
URLs in this scheme should be used as a references to "in-memory" Blobs, and also be re-used elsewhere on the platform to refer to binary resources (e.g. for video-conferencing [WebRTC]). URLs in this scheme are designed for impermanence, since they will be typically used to access "in memory" resources.
Developers should have the ability to revoke URLs in this scheme, so that they no longer refer to
Blobobjects. This includes scenarios where file references are no longer needed by a program, but also other uses ofBlobobjects. Consider a scenario where aBlobobject can be exported from a drawing program which uses the canvas element and API [HTML]. A snapshot of the drawing can be created by exporting aBlob. This scheme can be used with theimg[HTML] element to display the snapshot; if the user deletes the snapshot, any reference to the snapshot in memory via a URL should be invalid, and hence the need to be able to revoke such a URL.
11.2. Discussion of Existing Schemes
This section is an informative discussion of existing schemes that may have been repurposed or reused for the use cases for URLs above, and justification for why a new scheme is considered preferable. These schemes include HTTP [RFC2616], file [RFC1630][RFC1738], and a scheme such as urn:uuid [RFC4122]. One broad consideration in determining what scheme to use is providing something with intuitive appeal to web developers.
HTTP could be repurposed for the use cases mentioned above; it already comes with well-defined request-response semantics that are already used by web applications. But
Blobresources are typically "in-memory" resident (e.g. after a file has been read into memory), and are thus unlike "traditional" HTTP resources that are dereferenced via DNS. While some user agents automatically "proxy" the underlying file system on the local machine via an HTTP server (e.g. with URLs of the sort http://localhost), HTTP is not traditionally used with local resources. Moreover, an important use case for these URLs are that they can be revoked with an API call. HTTP URLs have traditionally been used for resources that may be more permanent (and that are certainly not chiefly memory-resident, such as files that a web application can read). Reusing the HTTP scheme might be confusing for web developers owing to well-established practice.The reuse of file URLs would involve changes to file URL use today, such as adding response codes. While they are used inconsistently in web applications, the structure of the URLs would change, and request-response behavior would have to be superimposed on what already works in a more-or-less ad-hoc manner. Modifying this for the use cases cited above is imprudent, given legacy usage. Additionally, the use cases for a Blob URL scheme call for uses beyond the file system.
A scheme of the sort urn:uuid [RFC4122] could be used, though use of this scheme is unprecedented in HTML and JavaScript web applications. The urn:uuid scheme is very generic. URLs in the scheme urn:uuid have the disadvantage of unfamiliarity and inconsistency across the web platform. A new scheme has the advantage of being explicit about what is being referenced. In theory, URLs make no guarantee about what sort of resource is obtained when they are dereferenced; that is left to content labeling and media type. But in practice, the name of the scheme creates an expectation about both the resource and the protocol of the request-response transaction. Choosing a name that clarifies the primary use case - namely, access to memory-resident
Blobresources - is a worthwhile compromise, and favors clarity, familiarity, and consistency across the web platform.
11.3. Definition of blob URL Scheme
This section defines a blob: URL scheme using a formal grammar. A blob: URL consists of the blob: scheme and an opaque string, along with an optional fragment identifier. In this specification an opaque string is a unique string which can be heuristically generated upon demand such that the probability that two are alike is small, and which is hard to guess (e.g. the Universally Unique IDentifier (UUID) as defined in [RFC4122] is an opaque string). A fragment identifier is optional, and if used, has a distinct interpretation depending on the media type of the Blob or File resource in question [RFC2046].
This section uses the Augmented Backus-Naur Form (ABNF), defined in [RFC5234]. All blob: URLs must follow this ABNF.
blob = scheme ":" opaqueString [fragIdentifier]
scheme = "blob"
; scheme is always "blob"
; opaqueString tokens must be globally unique
; opaqueString could be a UUID in its canonical form
11.3.1. The Opaque String
Opaque strings must NOT include any reserved characters from [RFC3986] without percent-encoding them. Opaque strings must be globally unique. Such strings should only use characters in the ranges U+002A to U+002B, U+002D to U+002E, U+0030 to U+0039, U+0041 to U+005A, U+005E to U+007E [Unicode], and should be at least 36 characters long. UUID is one potential option available to user agents for use with Blob URLs as opaque strings, and their use is strongly encouraged. UUIDs are defined in [RFC4122]. For an ABNF of UUID, see Appendix A.
11.4. Discussion of Fragment Identifier
The fragment's format, resolution and processing directives depend on the media type [RFC2046] of a potentially retrieved representation, even though such a retrieval is only performed if the blob: URL is dereferenced. For example, in an HTML file [HTML] the fragment identifier could be used to refer to an anchor within the file. If the user agent does not recognize the media type of the resource, OR if a fragment identifer is not meaningful within the resource, it must ignore the fragment identifier. Additionally, user agents must honor additional fragment processing directives given in the relevant media format specifications; in particular, this includes any modifications to the fragment production given in HTML [HTML]. The following section is normative for fragment identifers in general, though it should be noted that affiliated specifications may extend this definition.
fragIdentifier = "#" fragment
; Fragment Identifiers depend on the media type of the Blob
; fragment is defined in [RFC3986]
; fragment processing for HTML is defined in [HTML]
fragment = *( pchar / "/" / "?" )
pchar = unreserved / pct-encoded / sub-delims / ":" / "@"
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
pct-encoded = "%" HEXDIG HEXDIG
sub-delims = "!" / "$" / "&" / "'" / "(" / ")"
/ "*" / "+" / "," / ";" / "="
A valid Blob URL reference could look like: blob:550e8400-e29b-41d4-a716-446655440000#aboutABBA where "#aboutABBA" might be an HTML fragment identifier referring to an element with an id attribute of "aboutABBA".
11.5. Dereferencing Model for Blob URLs
User agents must only support requests with GET [RFC2616]. If the Blob has a type attribute, or if the Blob has been created with a slice call which uses a contentTypeargument, responses to dereferencing the Blob URL must include the Content-Type header from HTTP [RFC2616] with the value of the type attribute or contentTypeargument. Responses to dereferencing the Blob URL must include the Content-Length header from HTTP [RFC2616] with the value of the size attribute. Specifically, responses must only support a subset of responses that are equivalent to the following from HTTP [RFC2616]:
11.5.1. 200 OK
This response [RFC2616] must be used if the request has succeeded, namely the blob: URL has been requested with a GET, and satisfies the lifetime requirement. If this response code is used, the user agent must also use a Content-Type header [RFC2616] with a value equal to the Blob object's type attribute. See blob: protocol examples.
11.5.2. Network Errors
Responses that do not succeed with a 200 OK must act as if a network error has occurred [XHR]. Network errors must be used when:
Any request method other than GET is used to dereference the URL.
The request does not satisfy the lifetime requirement.
The underlying resource has changed, moved, been deleted or has become invalid.
The permissions surrounding the underlying resource do not permit access.
Any error conditions occur with respect to accessing or reading the file.
A security error has occurred.
11.5.3. Request and Response Headers
This section provides sample exchanges between web applications and user agents using the blob: protocol. A request can be triggered using HTML markup of the sort <img src="blob:550e8400-e29b-41d4-a716-446655440000">, after a web application calls URL.createObjectURL on a given blob, which returns blob:550e8400-e29b-41d4-a716-446655440000 to dereference that blob. These examples merely illustrate the protocol; web developers are not likely to interact with all the headers, but thegetAllResponseHeaders() method of XMLHttpRequest, if used, will show relevant response headers [XHR].
Requests could look like this:
GET 550e8400-e29b-41d4-a716-446655440000
If the blob has an affiliated media type [RFC2046] represented by its type attribute, then the response message should include the Content-Type header from RFC2616 [RFC2616]. See processing media types.
200 OK
Content-Type: image/jpeg
Content-Length: 21897
....
If there is a file error or any other kind of error associated with the blob, then a user agent must act as if a network error has occurred.
11.6. Creating and Revoking a Blob URL
Blob URLs are created and revoked using methods exposed on the URL object, supported by global objects Window [HTML] and WorkerGlobalScope [Web Workers]. Revocation of a Blob URL decouples the Blob URL from the resource it refers to, and if it is dereferenced after it is revoked, user agents must act as if a network errorhas occurred. This section describes a supplemental interface to the URL specification [URL API] and presents methods for Blob URL creation and revocation.
partial interface URL {
static DOMString? createObjectURL(Blob blob);
static DOMString? createFor()Blob blob);
static void revokeObjectURL(DOMString url);
};
ECMAScript user agents of this specification must ensure that they do not expose a prototype property on the URL interface object unless the user agent also implements the URL [URL API] specification. In other words, URL.prototype must evaluate to true if the user agent implements the URL [URL API] specification, and must NOT evaluate to true otherwise.
11.6.1. Methods and Parameters
-
The
createObjectURLstatic method -
Returns a unique
BlobURL each time it is called on a validblobargument, which is a non-nullBlobin scope of the global object'sURLproperty from which this static method is called. This method must act as follows:If called with a
Blobargument that is NOT valid, then user agents must returnnull.If this method is called with a valid
Blobargument, user agents must run the following sub-steps:- Return a unique Blob URL that can be used to dereference the
blobargument. - Add an entry to the Blob URL Store for this
BlobURL.
- Return a unique Blob URL that can be used to dereference the
-
The
createForstatic method -
Returns a unique
BlobURL each time it is called on a validblobargument.BlobURLs created with this method are said to be auto-revoking since user-agents are responsible for the revocation of Blob URLs created with this method, subject to the lifetime stipulation for Blob URLs. This method must act as follows:If called with a
Blobargument that is NOT valid, then user agents must returnnull.If this method is called with a valid
Blobargument, user agents must run the following steps:- Return a unique Blob URL that can be used to dereference the blob argument.
- Add an entry to the Blob URL Store for this
BlobURL. - Add an entry in the Revocation List for this
BlobURL.
ExampleIn the example below, after obtaining a reference to a
Blobobject (in this case, a user-selectedFilefrom the underlying file system), the static methodURL.createObjectURL()is called on thatBlobobject.ECMAScriptvar file = document.getElementById('file').files[0]; if(file){ blobURLref = window.URL.createObjectURL(file); myimg.src = blobURLref; .... } -
The
revokeObjectURLstatic method -
Revokes the
BlobURL provided in the stringurlargument, and removes the corresponding entry from the Blob URL Store. This method must be processed as follows:- If the
urlrefers to aBlobthat is both valid and in the same origin of the global object's URL property on which this static method was called, user agents must remove the entry that for the URL on whichURL.revokeObjectURLwas called from the Blob URL Store; subsequent attempts to dereference this URL must return a network error response code. - If the
urlrefers to aBlobthat is NOT valid OR if the value provided for theurlargument is not aBlobURL OR if theurlargument refers to aBlobthat is NOT in the same origin as the global object's URL property, this method call does nothing. User agents may display a message on the error console.
The
urlargument to therevokeObjectURLmethod is a Blob URL string.ExampleIn the example below,
window1andwindow2are separate, but in the same origin;window2could be aniframe[HTML] insidewindow1.ECMAScriptmyurl = window1.URL.createObjectURL(myblob); window2.URL.revokeObjectURL(myurl);Since
window1andwindow2are in the same origin, theURL.revokeObjectURLcall ensures that subsequent dereferencing ofmyurlresults in a the user agent acting as if a network error has occurred. - If the
11.6.2. Examples of Blob URL Creation and Revocation
Blob URLs are strings that dereference Blob objects, and can persist for as long as the document from which they were minted using URL.createObjectURL() - see Lifetime of Blob URLs.
This section gives sample usage of creation and revocation of Blob URLs with explanations.
In the example below, two img elements [HTML] refer to the same Blob URL:
<script>url = URL.createObjectURL(blob); </script><script> img2.src=url;</script>
In the example below, URL.revokeObjectURL() is explicitly called.
var blobURLref = URL.createObjectURL(file);
img1 = new Image();
img2 = new Image();
// Both assignments below work as expected
img1.src = blobURLref;
img2.src = blobURLref;
// ... Following body load
// Check if both images have loaded
if(img1.complete && img2.complete)
{
// Ensure that subsequent refs throw an exception
URL.revokeObjectURL(blobURLref);
}
else {
msg("Images cannot be previewed!");
// revoke the string-based reference
URL.revokeObjectURL(blobURLref);
}
The example above allows multiple references to a single Blob URL, and the web developer then revokes the Blob URL string after both image objects have been loaded. While not restricting number of uses of the Blob URL offers more flexibility, it increases the likelihood of leaks; developers should pair it with a corresponding call to URL.revokeObjectURL.
var blobURLref2 = URL.createFor(file);
img1 = new Image();
img1.src = blobURLref2;
....
The example above uses URL.createFor, which allows uses such as the one above, and obviates the need for a corresponding call by the web developer toURL.revokeObjectURL.
11.7. Lifetime of Blob URLs
Each unit of related similar origin browsing contexts [HTML] must maintain a Blob URL Store which is a list of Blob URLs that have been created using URL.createObjectURLor URL.createFor, and the blob resource that each Blob URL refers to. Additionally, each unit of related similar origin browsing contexts must maintain a Revocation List, consisting of Blob URLs that have been created with the URL.createFor method. When this specification says to add an entry to the Blob URL Store the user-agent must add the Blob URL created using URL.createObjectURL or URL.createFor, and a reference to the blob it refers to, to the list. When this specification says to add an entry to the The Revocation List, user agents must add any Blob URL created with the URL.createFor method; the Revocation List is only for auto-revoking Blob URLs. TheRevocation List and the Blob URL Store must be processed together as follows:
- Add revoking all the URLs in the Revocation List to the global script cleanup jobs list, such that the following occurs when processing the global script cleanup jobs:
For each Blob URL in the Revocation List, remove the corresponding entry from the Blob URL Store. Subsequent attempts to dereference any removed Blob URL results in a network error.
When all the Blob URLs in the Revocation List have had their corresponding entries in the Blob URL Store removed, remove all the Blob URLs in the Revocation List.
This specification adds an additional unloading document cleanup step [HTML]: user agents must remove all Blob URLs from the Blob URL Store within that document. If these Blob URLs are dereferenced, user agents must respond with a network error.
Blob URLs that are not in the Blob URL Store may be garbage collected by the user agent. Only Blob URLs created using URL.createFor are automatically removed from the Blob URL Store. The Revocation List and the Blob URL Store are used in conjunction with the Fetch Specification [Fetch] .
12. Security Considerations
This section is informative.
This specification allows web content to read files from the underlying file system, as well as provides a means for files to be accessed by unique identifiers, and as such is subject to some security considerations. This specification also assumes that the primary user interaction is with the <input type="file"/> element of HTML forms [HTML], and that all files that are being read by FileReader objects have first been selected by the user. Important security considerations include preventing malicious file selection attacks (selection looping), preventing access to system-sensitive files, and guarding against modifications of files on disk after a selection has taken place.
Preventing selection looping. During file selection, a user may be bombarded with the file picker associated with
<input type="file"/>(in a "must choose" loop that forces selection before the file picker is dismissed) and a user agent may prevent file access to any selections by making theFileListobject returned be of size 0.System-sensitive files (e.g. files in /usr/bin, password files, and other native operating system executables) typically should not be exposed to web content, and should not be accessed via Blob URLs. User agents may throw a
SecurityErrorexception for synchronous read methods, or return aSecurityErrorDOMErrorfor asynchronous reads.Cross-origin requests on Blob URLs occur when a Blob URL is accessed across origins. User agents must act as if a network error has occurred if such requests are made.
This section is provisional; more security data may supplement this in subsequent drafts.
13. Requirements and Use Cases
This section covers what the requirements are for this API, as well as illustrates some use cases. This version of the API does not satisfy all use cases; subsequent versions may elect to address these.
Once a user has given permission, user agents should provide the ability to read and parse data directly from a local file programmatically.
- Example: A lyrics viewer. User wants to read song lyrics from songs in his plist file. User browses for plist file. File is opened, read, parsed, and presented to the user as a sortable, actionable list within a web application. User can select songs to fetch lyrics. User uses the "browse for file" dialog.
Data should be able to be stored locally so that it is available for later use, which is useful for offline data access for web applications.
- Example: A Calendar App. User's company has a calendar. User wants to sync local events to company calendar, marked as "busy" slots (without leaking personal info). User browses for file and selects it. The text/calendar file is parsed in the browser, allowing the user to merge the files to one calendar view. The user wants to then save the file back to his local calendar file. (using "Save As" ?). The user can also send the integrated calendar file back to the server calendar store asynchronously.
User agents should provide the ability to save a local file programmatically given an amount of data and a file name.
- Example: A Spreadsheet App. User interacts with a form, and generates some input. The form then generates a CSV (Comma Separated Variables) output for the user to import into a spreadsheet, and uses "Save...". The generated output can also be directly integrated into a web-based spreadsheet, and uploaded asynchronously.
User agents should provide a streamlined programmatic ability to send data from a file to a remote server that works more efficiently than form-based uploads today
- Example: A Video/Photo Upload App. User is able to select large files for upload, which can then be "chunk-transfered" to the server.
User agents should provide an API exposed to script that exposes the features above. The user is notified by UI anytime interaction with the file system takes place, giving the user full ability to cancel or abort the transaction. The user is notified of any file selections, and can cancel these. No invocations to these APIs occur silently without user intervention.
14. Appendix A
This section is informative and not normative.
15.1. An ABNF for UUID
The following is an informative ABNF [ABNF] for UUID, which is a strongly encouraged choice for the opaqueString production of Blob URLs.
UUID = time-low "-" time-mid "-"
time-high-and-version "-"
clock-seq-and-reserved
clock-seq-low "-" node
time-low = 4hexOctet
time-mid = 2hexOctet
time-high-and-version = 2hexOctet
clock-seq-and-reserved = hexOctet
clock-seq-low = hexOctet
node = 6hexOctet
hexOctet = hexDigit hexDigit
hexDigit =
"0" / "1" / "2" / "3" / "4" / "5" / "6" / "7" / "8" / "9" /
"a" / "b" / "c" / "d" / "e" / "f" /
"A" / "B" / "C" / "D" / "E" / "F"
15. Acknowledgements
This specification was originally developed by the SVG Working Group. Many thanks to Mark Baker and Anne van Kesteren for their feedback.
Thanks to Robin Berjon for editing the original specification.
Special thanks to Olli Pettay, Nikunj Mehta, Garrett Smith, Aaron Boodman, Michael Nordman, Jian Li, Dmitry Titov, Ian Hickson, Darin Fisher, Sam Weinig, Adrian Bateman and Julian Reschke.
Thanks to the W3C WebApps WG, and to participants on the public-webapps@w3.org listserv
16. References
17.1. Normative references
- RFC2119
- Key words for use in RFCs to Indicate Requirement Levels, S. Bradner. IETF.
- HTML
- HTML 5.1 Nightly: A vocabulary and associated APIs for HTML and XHTML (work in progress), I. Hickson. W3C.
- ProgressEvents
- Progress Events, A. van Kesteren. W3C.
- RFC2397
- The "data" URL Scheme, L. Masinter. IETF.
- Web Workers
- Web Workers (work in progress), I. Hickson. W3C.
- DOM4
- DOM4 (work in progress), A. Gregor, A. van Kesteren, Ms2ger. W3C.
- Unicode
- The Unicode Standard, Version 5.2.0., J. D. Allen, D. Anderson, et al. Unicode Consortium.
- RFC2616
- Hypertext Transfer Protocol -- HTTP/1.1, R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee. IETF.
- RFC2046
- Multipurpose Internet Mail Extensions (MIME) Part Two: Media Extensions, N. Freed, N. Borenstein. IETF.
- Encoding Specification
- Encoding Living Standard, A. van Kesteren, J. Bell.
- Typed Arrays
- Typed Arrays (work in progress), V. Vukicevic, K. Russell. Khronos Group.
- RFC5234
- Augmented BNF for Syntax Specifications: ABNF, D. Crocker, P. Overell. IETF.
- URL API Specification
- URL API (work in progress), A. Barth. W3C.
- WebIDL Specification
- WebIDL (work in progress), C. McCormack.
- ECMAScript
- ECMAScript 5th Edition, A. Wirfs-Brock, P. Lakshman et al.
- MIME Sniffing
- MIME Sniffing (work in progress), A. Barth, I. Hickson.
- XMLHttpRequest
- XMLHttpRequest Living Standard, A. van Kesteren.
17.2. Informative References
- Google Gears Blob API
- Google Gears Blob API (deprecated)
- RFC4122
- A Universally Unique IDentifier (UUID) URN Namespace, P. Leach, M. Mealling, R. Salz. IETF.
- RFC3986
- Uniform Resource Identifier (URI): Generic Syntax, T. Berners-Lee, R. Fielding, L. Masinter. IETF.
- RFC1630
- Universal Resource Identifiers in WWW, T. Berners-Lee. IETF.
- RFC1738
- Uniform Resource Locators (URL), T. Berners-Lee, L. Masinter, M. McCahill. IETF.
- WebRTC 1.0
- WebRTC 1.0, A. Bergkvist, D. Burnett, C. Jennings, A. Narayanan. W3C.
- Fetch Specification
- Fetch Specification, A. van Kestern. WHATWG.
