W3C

File API

W3C Last Call Working Draft 12 September 2013

This Version:
http://www.w3.org/TR/2013/WD-FileAPI-20130912/
Latest Published Version:
http://www.w3.org/TR/FileAPI/
Latest Editor’s Draft:
http://dev.w3.org/2006/webapi/FileAPI/
Previous Version(s):
http://www.w3.org/TR/2012/WD-FileAPI-20121025/
Editors:
Arun Ranganathan, Mozilla Corporation <arun@mozilla.com>
Jonas Sicking, Mozilla Corporation <jonas@sicking.cc>
Participate:

Send feedback to public-webapps@w3.org (archives), or file a bug (see existing bugs).


Abstract

This specification provides an API for representing file objects in web applications, as well as programmatically selecting them and accessing their data. This includes:

Additionally, this specification defines objects to be used within threaded web applications for the synchronous reading of files.

The section on Requirements and Use Cases [REQ] covers the motivation behind this specification.

This API is designed to be used in conjunction with other APIs and elements on the web platform, notably: XMLHttpRequest (e.g. with an overloaded send() method for File or Blob objects), postMessage, DataTransfer (part of the drag and drop API defined in [HTML,]) and Web Workers. Additionally, it should be possible to programmatically obtain a list of files from the input element when it is in the File Upload state[HTML]. These kinds of behaviors are defined in the appropriate affiliated specifications.

Status of this Document

This section describes the status of this document at the time of its publication. Other documents may supersede this document. A list of current W3C publications and the latest revision of this technical report can be found in the W3C technical reports index at http://www.w3.org/TR/.

This document is the 12 September 2013 Last Call Working Draft of the File API specification. Please send comments about this document to public-webapps@w3.org (archived).

Previous discussion of this specification has taken place on two other mailing lists: public-webapps@w3.org (archive) and public-webapi@w3.org (archive). Ongoing discussion will be on the public-webapps@w3.org mailing list.

This document is produced by the Web Applications WG in the W3C Interaction Domain.

Publication as a Last Call Working Draft does not imply endorsement by the W3C Membership. This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.

This document was produced by a group operating under the 5 February 2004 W3C Patent Policy. W3C maintains a public list of any patent disclosures made in connection with the deliverables of the group; that page also includes instructions for disclosing a patent. An individual who has actual knowledge of a patent which the individual believes contains Essential Claim(s) must disclose the information in accordance with section 6 of the W3C Patent Policy.

This draft is a Last Call Working Draft. Please send comments to the public-webapps@w3.org as described above. The deadline for comments is six weeks after the date of publication in the header: 24 October 2013.

Table of Contents

1. Introduction

This section is informative.

Web applications should have the ability to manipulate as wide as possible a range of user input, including files that a user may wish to upload to a remote server or manipulate inside a rich web application. This specification defines the basic representations for files, lists of files, errors raised by access to files, and programmatic ways to read files. Additionally, this specification also defines an interface that represents "raw data" which can be asynchronously processed on the main thread of conforming user agents. The interfaces and API defined in this specification can be used with other interfaces and APIs exposed to the web platform.

The File interface represents file data typically obtained from the underlying file system, and the Blob interface ("Binary Large Object" - a name originally introduced to web APIs in Google Gears) represents immutable raw data. File or Blob reads should happen asynchronously on the main thread, with an optional synchronous API used within threaded web applications. An asynchronous API for reading files prevents blocking and UI "freezing" on a user agent's main thread. This specification defines an asynchronous API based on an event model to read and access a File or Blob's data. A FileReader object provides asynchronous read methods to access that file's data through event handler attributes and the firing of events. The use of events and event handlers allows separate code blocks the ability to monitor the progress of the read (which is particularly useful for remote drives or mounted drives, where file access performance may vary from local drives) and error conditions that may arise during reading of a file. An example will be illustrative.

Example

In the example below, different code blocks handle progress, error, and success conditions.

ECMAScript

function startRead() {  
  // obtain input element through DOM 
  
  var file = document.getElementById('file').files[0];
  if(file){
    getAsText(file);
  }
}

function getAsText(readFile) {
        
  var reader = new FileReader();
  
  // Read file into memory as UTF-16      
  reader.readAsText(readFile, "UTF-16");
  
  // Handle progress, success, and errors
  reader.onprogress = updateProgress;
  reader.onload = loaded;
  reader.onerror = errorHandler;
}

function updateProgress(evt) {
  if (evt.lengthComputable) {
    // evt.loaded and evt.total are ProgressEvent properties
    var loaded = (evt.loaded / evt.total);
    if (loaded < 1) {
      // Increase the prog bar length
      // style.width = (loaded * 200) + "px";
    }
  }
}

function loaded(evt) {  
  // Obtain the read file data    
  var fileString = evt.target.result;
  // Handle UTF-16 file dump
  if(utils.regexp.isChinese(fileString)) {
    //Chinese Characters + Name validation
  }
  else {
    // run other charset test
  }
  // xhr.send(fileString)     
}

function errorHandler(evt) {
  if(evt.target.error.name == "NotReadableError") {
    // The file could not be read
  }
}

1.1 Model

A Blob object provides asynchronous access to a byte sequence, making the bytes available for use within web applications through the FileReader object; it has a size attribute, representing the total number of bytes that constitute the byte sequence, and a type attribute, which is an ASCII-encoded string in lower case. When converted to a byte sequence, the type is said to be a parsable MIME type if the parse a MIME type algorithm does not return undefined [MIMESNIFF]. The Blob's type is also used to generate a Content-Type header when using blob: URLs.

A File object is a Blob object with a name attribute, which is a UTF-16 string representing the file's name within the underlying file system or at time of creation with a constructor invoked from within a web application. Access to the byte sequence of the File is through the FileReader object.

2. Conformance

Everything in this specification is normative except for examples and sections marked as being informative.

The keywords “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “RECOMMENDED”, “MAY” and “OPTIONAL” in this document are to be interpreted as described in Key words for use in RFCs to Indicate Requirement Levels [RFC2119].

The following conformance classes are defined by this specification:

conforming user agent

A user agent is considered to be a conforming user agent if it satisfies all of the MUST-, REQUIRED- and SHALL-level criteria in this specification that apply to implementations. This specification uses both the terms "conforming user agent" and "user agent" to refer to this product class.

User agents may implement algorithms in this specifications in any way desired, so long as the end result is indistinguishable from the result that would be obtained from the specification's algorithms.

User agents that use ECMAScript to implement the APIs defined in this specification must implement them in a manner consistent with the ECMAScript Bindings defined in the Web IDL specification [WEBIDL] as this specification uses that specification and terminology.

3. Dependencies

This specification relies on underlying specifications.

DOM

A conforming user agent must support at least the subset of the functionality defined in DOM4 that this specification relies upon; in particular, it must support EventTarget. [DOM4]

Progress Events

A conforming user agent must support the Progress Events specification. Data access on read operations is enabled via Progress Events.[ProgressEvents]

HTML

A conforming user agent must support at least the subset of the functionality defined in HTML that this specification relies upon; in particular, it must support event loops and event handler attributes. [HTML]

Web IDL

A conforming user agent must also be a conforming implementation of the IDL fragments in this specification, as described in the Web IDL specification. [WebIDL]

Typed Arrays

A conforming user agent must support the Typed Arrays specification [TypedArrays].

Parts of this specification rely on the Web Workers specification; for those parts of this specification, the Web Workers specification is a normative dependency. [Workers]

4. Terminology and Algorithms

The terms and algorithms <fragment>, <scheme>, document, unloading document cleanup steps, event handler attributes, event handler event type, origin, same origin, event loops, task, task source, URL, global script cleanup jobs list, global script cleanup, queue a task, neuter, UTF-8, UTF-16. structured clone, collect a sequence of characters and converting a string to ASCII lowercase are as defined by the HTML specification [HTML].

When this specification says to terminate an algorithm the user agent must terminate the algorithm after finishing the step it is on. Asynchronous read methods defined in this specification may return before the algorithm in question is terminated, and can be terminated by an abort() call.

The term throw in this specification, as it pertains to exceptions, is used as defined in the DOM4 specification [DOM4].

The algorithms and steps in this specification use the following mathematical operations:

5. The FileList Interface

This interface is a list of File objects.

IDL

    interface FileList {
      getter File? item(unsigned long index);
      readonly attribute unsigned long length;
    };
    
Example

Sample usage typically involves DOM access to the <input type="file"> element within a form, and then accessing selected files.

ECMAScript

    // uploadData is a form element
    // fileChooser is input element of type 'file'
    var file = document.forms['uploadData']['fileChooser'].files[0];
    
    // alternative syntax can be
    // var file = document.forms['uploadData']['fileChooser'].files.item(0);
    
    if(file)
    {
      // Perform file ops
    }  
    

5.1. Attributes

length

must return the number of files in the FileList object. If there are no files, this attribute must return 0.

5.2. Methods and Parameters

item(index)

must return the indexth File object in the FileList. If there is no indexth File object in the FileList, then this method must return null.

index must be treated by user agents as value for the position of a File object in the FileList, with 0 representing the first file. Supported property indices [WebIDL] are the numbers in the range zero to one less than the number of File objects represented by the FileList object. If there are no such File objects, then there are no supported property indices [WebIDL].

Note
The HTMLInputElement interface [HTML] has a readonly attribute of type FileList, which is what is being accessed in the above example. Other interfaces with a readonly attribute of type FileList include the DataTransfer interface [HTML].

6. The Blob Interface

This interface represents immutable raw data. It provides a method to slice data objects between ranges of bytes into further chunks of raw data. It also provides an attribute representing the size of the chunk of data. The File interface inherits from this interface.

IDL

    [Constructor, 
     Constructor(sequence<(ArrayBuffer or ArrayBufferView or Blob or DOMString)> blobParts, optional BlobPropertyBag options)] 
    interface Blob {
      
      readonly attribute unsigned long long size;
      readonly attribute DOMString type;
      
      //slice Blob into byte-ranged chunks
      
      Blob slice(optional [Clamp] long long start,
                 optional [Clamp] long long end,
                 optional DOMString contentType);
      void close(); 
    
    };

    dictionary BlobPropertyBag {
		
      DOMString type = "";
	
    };
    

6.1. Constructors

The Blob() constructor can be invoked with zero or more parameters. When the Blob() constructor is invoked, user agents must run the following Blob constructor steps:

  1. If invoked with zero parameters, return a new Blob object consisting of 0 bytes, with size set to 0, and with type set to the empty string.

  2. Otherwise, the constructor is invoked with a blobParts sequence. Let a be that sequence.

  3. Let bytes be an empty sequence of bytes.

  4. Let length be a's length. For 0 ≤ i < length, repeat the following steps:

    1. Let element be the ith element of a.

    2. If element is a DOMString, run the following substeps:

      1. Let s be the result of converting element to a sequence of Unicode characters [Unicode] using the algorithm for doing so in WebIDL [WebIDL].

      2. Encode s as UTF-8 and append the resulting bytes to bytes.

      Note

      The algorithm from WebIDL [WebIDL] replaces unmatched surrogates in an invalid UTF-16 string with U+FFFD replacement characters. Scenarios exist when the Blob constructor may result in some data loss due to lost or scrambled character sequences.

    3. If element is an ArrayBufferView [TypedArrays], convert it to a sequence of byteLength bytes from the underlying ArrayBuffer, starting at the byteOffset of the ArrayBufferView [TypedArrays], and append those bytes to bytes.

    4. If element is an ArrayBuffer [TypedArrays], convert it to a sequence of byteLength bytes, and append those bytes to bytes.

    5. If element is a Blob, append the bytes it represents to bytes. The type of the Blob array element is ignored.

  5. If the type member of the optional options argument is provided and is not the empty string, run the following sub-steps:

    1. Let t be the type dictionary member. If t contains any characters outside the range U+0020 to U+007E, then set t to the empty string and return from these substeps.
    2. Convert every character in t to lowercase using the "converting a string to ASCII lowercase" algorithm [WebIDL].
  6. Return a Blob object consisting of bytes, with its size set to the length of bytes, and its type set to the value of t from the substeps above.

    Note

    The type t of a Blob is considered a parsable MIME type if the ASCII-encoded string representing the Blob object's type, when converted to a byte sequence, does not return undefined for the parse MIME type algorithm [MIMESNIFF].

6.1.1. Constructor Parameters

The Blob() constructor can be invoked with the parameters below:

A blobParts sequence
which takes any number of the following types of elements, and in any order:
An optional BlobPropertyBag
which takes one member:
  • type, the ASCII-encoded string in lower case representing the media type of the Blob. Normative conditions for this member are provided in the Blob constructor steps.
Example

Examples of constructor usage follow.

ECMAScript

// Create a new Blob object

var a = new Blob();

// Create a 1024-byte ArrayBuffer
// buffer could also come from reading a File

var buffer = new ArrayBuffer(1024);

// Create ArrayBufferView objects based on buffer

var shorts = new Uint16Array(buffer, 512, 128);
var bytes = new Uint8Array(buffer, shorts.byteOffset + shorts.byteLength);

var b = new Blob(["foobarbazetcetc" + "birdiebirdieboo"], {type: "text/plain;charset=UTF-8"});

var c = new Blob([b, shorts]);

var a = new Blob([b, c, bytes]);

var d = new Blob([buffer, b, c, bytes]);

6.2. Snapshot State

Each Blob must have a snapshot state, which must be initially set to the state of the underlying storage, if any such underlying storage exists. The snapshot state must be preserved through structured clone. If, at the time of processing any read method on the Blob, the state of the underlying storage containing the Blob is not equal to snapshot state, the read must fail with a NotReadableError.

Note

Snapshot state is a conceptual marker most useful for File objects backed by on-disk resources.

6.3. Attributes

size

Returns the size of the Blob object in bytes. On getting, conforming user agents must return the total number of bytes that can be read by a FileReader or FileReaderSync object, or 0 if the Blob has no bytes to be read. If the Blob has been neutered with close called on it, then size must return 0.

type

The ASCII-encoded string in lower case representing the media type of the Blob. For File objects that are returned from the underlying file system, user agents must return the type of a Blob as an ASCII-encoded string in lower case, such that when it is converted to a corresponding byte sequence, it is a parsable MIME type [MIMESNIFF], or the empty string -- 0 bytes -- if the type cannot be determined. When the Blob is of type text/plain user agents must NOT append a charset parameter to the dictionary of parameters portion of the media type [MIMESNIFF]. User agents must not attempt heuristic determination of encoding, including statistical methods. Further normative conditions for this attribute can be found in the Blob constructor steps and in the slice method algorithm, where this attribute can be set with the Blob constructor or a slice method call.

Note

Use of the type attribute informs the encoding determination and parsing the Content-Type header when dereferencing blob: URLs.

6.4. Methods and Parameters

6.4.1. The slice method

The slice method returns a new Blob object with bytes ranging from the optional start parameter upto but not including the optional end parameter, and with a type attribute that is the value of the optional contentType parameter. It must act as follows :

  1. Let O be the Blob object on which the slice method is being called.

  2. The optional start parameter is a value for the start point of a slice call, and must be treated as a byte-order position, with the zeroth position representing the first byte. User agents must process slice with start normalized according to the following:

    1. If the optional start parameter is not used as a parameter when making this call, let relativeStart be 0.

    2. If start is negative, let relativeStart be max((size + start), 0)).

    3. Else, let relativeStart be min(start, size).

  3. The optional end parameter is a value for the end point of a slice call. User agents must process slice with end normalized according to the following:

    1. If the optional end parameter is not used as a parameter when making this call, let relativeEnd be size.

    2. If end is negative, let relativeEnd be max((size + end), 0)

    3. Else, let relativeEnd be min(end, size)

  4. The optional contentType parameter is used to set the ASCII-encoded string in lower case representing the media type of the Blob. User agents must process the slice with contentType normalized according to the following:

    1. If the contentType parameter is not provided, let relativeContentType be set to the empty string .

    2. Else let relativeContentType be set to contentType and run the substeps below:

      1. If relativeContentType contains any characters outside the range of U+0020 to U+007E, then set relativeContentType to the empty string and return from these substeps.
      2. Convert every character in relativeContentType to lower case using the "Converting a string to ASCII lowercase" algorithm.
  5. Let span be max((relativeEnd - relativeStart), 0).

  6. Return a new Blob object S with the following characteristics:

    1. S consists of span consecutive bytes from O, beginning with the byte at byte-order position relativeStart.

    2. S.size = span.

    3. S.type = relativeContentType.

      Note

      The type t of a Blob is considered a parsable MIME type if the ASCII-encoded string representing the Blob object's type, when converted to a byte sequence, does not return undefined for the parse MIME type algorithm [MIMESNIFF].

    4. Let the snapshot state of S be set to the snapshot state of O.

Example

The examples below illustrate the different types of slice calls possible. Since the File interface inherits from the Blob interface, examples are based on the use of the File interface.

ECMAScript

    // obtain input element through DOM
    
    var file = document.getElementById('file').files[0];
    if(file)
    {
      // create an identical copy of file
      // the two calls below are equivalent
      
      var fileClone = file.slice(); 
      var fileClone2 = file.slice(0, file.size);
      
      // slice file into 1/2 chunk starting at middle of file
      // Note the use of negative number
      
      var fileChunkFromEnd = file.slice(-(Math.round(file.size/2)));
      
      // slice file into 1/2 chunk starting at beginning of file
      
      var fileChunkFromStart = file.slice(0, Math.round(file.size/2));
      
      // slice file from beginning till 150 bytes before end
      
      var fileNoMetadata = file.slice(0, -150, "application/experimental");      
    }
    

6.4.2. The close method

Calling the close method must permanently neuter the original Blob object. This is an irreversible and non-idempotent operation; once a Blob has been neutered, it cannot be used again; dereferencing a Blob URL bound to a Blob object on which close has been called results in a network error. A neutered Blob must have a size of 0.

Note

Calling close must not affect an ongoing read operation via any asynchronous read methods . Calling close must not affect any Blob objects created by a slice call on the Blob object on which close has been called. While Blob objects can be neutered via a call to close, they are not Transferable [HTML]. They are immutable, and thus invalidating them on the sending side is not useful; implementations can share Blob data between two threads without needing invalidation.

7. The File Interface

This interface describes a single file in a FileList and exposes its name. It inherits from Blob.

IDL

[Constructor(Blob fileBits, [EnsureUTF16] DOMString fileName)]
interface File : Blob {

  readonly attribute DOMString name;
  readonly attribute Date lastModifiedDate;

};
	  

7.1 File Constructor

The File constructor is invoked with a Blob argument, and a DOMString argument and must return a new File object F with the following properties:

  1. F.size is the same as the size of the fileBits Blob argument, which must be the immutable raw data of F.

  2. F.name is set as follows:

    1. Let N be a new string of the same size as the fileName argument to the constructor. Copy every character from fileName to N, replacing any "/" character (U+002F SOLIDUS) with a ":" (U+003A COLON).

    2. Set F.name to N.

  3. If the fileBits argument has a type, then F.type = fileBits.type.

  4. User agents must initially set F.lastModifiedDate to the time of object creation.

7.2. Attributes

name

The name of the file; on getting, this must return the name of the file as a string. There are numerous file name variations on different systems; this is merely the name of the file, without path information. On getting, if user agents cannot make this information available, they must return the empty string.

lastModifiedDate

The last modified date of the file. On getting, if user agents can make this information available, this must return a new Date[HTML] object initialized to the last modified date of the file. If the last modification date and time are not known, the attribute must return the current date and time as a Date object.

The File interface is available on objects that expose an attribute of type FileList; these objects are defined in HTML [HTML]. The File interface, which inherits from Blob, is immutable, and thus represents file data that can be read into memory at the time a read operation is initiated. User agents must process reads on files that no longer exist at the time of read as errors, throwing a NotFoundError exception if using a FileReaderSync on a Web Worker [Workers] or firing an error event with the error attribute returning a NotFoundError DOMError.

8. The FileReader Interface

This interface provides methods to read File objects or Blob objects into memory, and to access the data from those Files or Blobs using progress events and event handler attributes; it inherits from EventTarget [DOM4]. It is desirable to read data from file systems asynchronously in the main thread of user agents. This interface provides such an asynchronous API, and is specified to be used with the global object (Window [HTML]).

IDL


	[Constructor]
	interface FileReader: EventTarget {

	  // async read methods
	  void readAsArrayBuffer(Blob blob);
	  void readAsText(Blob blob, optional DOMString label);
	  void readAsDataURL(Blob blob);

	  void abort();

	  // states
	  const unsigned short EMPTY = 0;
	  const unsigned short LOADING = 1;
	  const unsigned short DONE = 2;


	  readonly attribute unsigned short readyState;

	  // File or Blob data
	  readonly attribute (DOMString or ArrayBuffer)? result;

	  readonly attribute DOMError? error;

	  // event handler attributes
	  attribute EventHandler onloadstart;
	  attribute EventHandler onprogress;
	  attribute EventHandler onload;
	  attribute EventHandler onabort;
	  attribute EventHandler onerror;
	  attribute EventHandler onloadend;

	};
	  

8.1. The FileReader Task Source

The FileReader interface enables asynchronous reads on individual Blob objects by firing progress events as the read occurs. Unless stated otherwise, the task source that is used in this specification is the FileReader. This task source is used for events that are asynchronously fired, and for event tasks that are queued for firing, and for the read methods, which queue tasks to update the result.

8.2. Constructors

When the FileReader() constructor is invoked, the user agent must return a new FileReader object.

In environments where the global object is represented by a Window or a WorkerGlobalScope object, the FileReader constructor must be available.

8.3. Event Handler Attributes

The following are the event handler attributes (and their corresponding event handler event types) that user agents must support on FileReader as DOM attributes:

event handler attribute event handler event type
onloadstart loadstart
onprogress progress
onabort abort
onerror error
onload load
onloadend loadend

8.4. FileReader States

The FileReader object can be in one of 3 states. The readyState attribute, on getting, must return the current state, which must be one of the following values:

EMPTY (numeric value 0)

The FileReader object has been constructed, and there are no pending reads. None of the read methods have been called. This is the default state of a newly minted FileReader object, until one of the read methods have been called on it.

LOADING (numeric value 1)

A File or Blob is being read. One of the read methods is being processed, and no error has occurred during the read.

DONE (numeric value 2)

The entire File or Blob has been read into memory, OR a file error occurred during read, OR the read was aborted using abort(). The FileReader is no longer reading a File or Blob. If readyState is set to DONE it means at least one of the read methods have been called on this FileReader.

8.5. Reading a File or Blob

8.5.1. Multiple Reads

The FileReader interface makes available three asynchronous read methods - readAsArrayBuffer, readAsText, and readAsDataURL, which read files into memory. If multiple concurrent read methods are called on the same FileReader object, user agents must throw an InvalidStateError [DOM4] on any of the read methods that occur when readyState = LOADING.

8.5.2. The result attribute

On getting, the result attribute returns a Blob's data as a DOMString, or as an ArrayBuffer [TypedArrays], or null, depending on the read method that has been called on the FileReader, and any errors that may have occurred. The list below is normative for the result attribute and is the conformance criteria for this attribute:

  • On getting, if the readyState is EMPTY (no read method has been called) then the result attribute must return null.

  • On getting, if an error in reading the File or Blob has occurred (using any read method), then the result attribute must return null.

  • On getting, if the readAsDataURL read method is used, the result attribute must return a DOMString that is a Data URL [DataURL] encoding of the File or Blob's data.

  • On getting, if the readAsText read method is called and no error in reading the File or Blob has occurred, then the result attribute must return a string representing the File or Blob's data as a text string, and should decode the string into memory in the format specified by the encoding determination as a DOMString.

  • On getting, if the readAsArrayBuffer read method is called and no error in reading the File or Blob has occurred, then the result attribute must return an ArrayBuffer [TypedArrays] object.

If a read is successful, the result attribute must return a non-null value only after a progress event (see also [ProgressEvents]) has fired, since all the read methods access Blob data asynchronously. Tasks are queued to update the result attribute as Blob data is made available.

8.5.3. The readAsDataURL(blob) method

When the readAsDataURL(blob) method is called, the user agent must run the steps below (unless otherwise indicated).

  1. If readyState = LOADING throw an InvalidStateError exception [DOM4] and terminate this algorithm.

    Note: The readAsDataURL() method returns due to the algorithm being terminated.

  2. If the blob has been neutered through the close method, throw an InvalidStateError exception [DOM4] and terminate this algorithm.

    Note: The readAsDataURL() method returns due to the algorithm being terminated.

  3. If an error occurs during reading of the blob parameter set readyState to DONE and set result to null. Proceed to the error steps.

  4. If no error has occurred, set readyState to LOADING

  5. Fire a progress event called loadstart.

  6. Return the readAsDataURL() method, but continue to process the steps in this algorithm.

  7. Make progress notifications.

  8. When the blob has been fully read into memory queue a task to do the following:

    1. Set readyState to DONE.

    2. Set the result attribute with the blob as a DataURL [DataURL] after it has been fully read into memory; on getting, the result attribute returns the (complete) data of blob as a Data URL [DataURL].

      • Use the blob's type attribute as part of the Data URL if it is available in keeping with the Data URL specification [DataURL].

      • If the type attribute is not available on the blob return a Data URL without a media-type. [DataURL].

        Data URLs that do not have media-types [RFC2046] must be treated as plain text by conforming user agents. [DataURL].

    3. Fire a progress event called load.
    4. Unless readyState is LOADING fire a progress event called loadend. If readyState is LOADING do NOT fire loadend.
  9. Terminate this algorithm.

8.5.4. The readAsText(blob, label) method

The readAsText() method can be called with an optional parameter, label, which is a DOMString argument that represents the label of an encoding [Encoding Specification]; if provided, it must be used as part of the encoding determination used when processing this method call.

When the readAsText(blob, label) method is called (the label argument is optional), the user agent must run the steps below (unless otherwise indicated).

  1. If readyState = LOADING throw an InvalidStateError [DOM4] and terminate these steps.

    Note: The readAsText() method returns due to the algorithm being terminated.

  2. If the blob has been neutered through the close method, throw an InvalidStateError exception [DOM4] and terminate this algorithm.

    Note: The readAsText() method returns due to the algorithm being terminated.

  3. If an error occurs during reading the blob parameter, set readyState to DONE and set result to null. Proceed to the error steps.

  4. If no error has occurred, set readyState to LOADING

  5. Fire a progress event called loadstart.

  6. Return the readAsText() method, but continue to process the steps in this algorithm

  7. Make progress notifications.

  8. When the blob has been read into memory fully, queue a task to do the following:

    1. Set readyState to DONE

    2. Set the result attribute to the fully read blob, represented as a string in a format determined by the encoding determination.

    3. Fire a progress event called load.
    4. Unless readyState is LOADING fire a progress event called loadend. If readyState is LOADING do NOT fire loadend.
  9. Terminate this algorithm.

8.5.5. The readAsArrayBuffer(blob) method

When the readAsArrayBuffer(blob) method is called, the user agent must run the steps below (unless otherwise indicated).

  1. If readyState = LOADING throw an InvalidStateError exception [DOM4] and terminate these steps.

    Note: The readAsArrayBuffer() method returns due to the algorithm being terminated.

  2. If the blob has been neutered through the close method, throw an InvalidStateError exception [DOM4] and terminate this algorithm.

    Note: The readAsArrayBuffer() method returns due to the algorithm being terminated.

  3. If an error occurs during reading the blob parameter, set readyState to DONE and set result to null. Proceed to the error steps.

  4. If no error has occurred, set readyState to LOADING

  5. Fire a progress event called loadstart.

  6. Return the readAsArrayBuffer() method, but continue to process the steps in this algorithm.

  7. Make progress notifications.

  8. When the blob has been read into memory fully, queue a task to do the following:

    1. Set readyState to DONE

    2. Set the result attribute to the value of the fully read blob as an ArrayBuffer [TypedArrays] object.

    3. Fire a progress event called load.

    4. Unless readyState is LOADING fire a progress event called loadend. If readyState is LOADING do NOT fire loadend.

  9. Terminate this algorithm.

8.5.6. Error Steps

  1. Fire a progress event called error. Set the error attribute; on getting, the error attribute must be a a DOMError object that indicates the kind of file error that has occurred.

  2. Unless readyState is LOADING, fire a progress event called loadend. If readyState is LOADING do NOT fire loadend.

  3. Terminate the algorithm for any read method.

    Note: The read method returns due to the algorithm being terminated.

8.5.7. The abort() method

When the abort() method is called, the user agent must run the steps below:

  1. If readyState = EMPTY or if readyState = DONE set result to null and terminate this overall set of steps without doing anything else.

  2. If readyState = LOADING set readyState to DONE and result to null.

  3. If there are any tasks from the object's FileReader task source in one of the task queues, then remove those tasks.

  4. Terminate the algorithm for the read method being processed.

  5. Fire a progress event called abort

  6. Unless readyState is LOADING fire a progress event called loadend. If readyState is LOADING do NOT fire loadend.

8.5.8. Blob Parameters

The three asynchronous read methods, the three synchronous read methods, and createObjectURL take a mandatory Blob parameter. This section defines this parameter.

blob

This is a Blob argument and must be a reference to a single File in a FileList or a Blob object not obtained from the file system that is in scope of the global object from which the method call was made.

8.5.9. Determining Encoding

When reading blob objects using the readAsText() read method, the following encoding determination steps must be followed:

  1. Let encoding be null

  2. If the label argument is present, set encoding to the result of "getting an encoding" using the Encoding Specification [Encoding Specification] for label.

  3. If the "getting an encoding" steps above return failure, then set encoding to null.

  4. If encoding is null, and the blob argument's type attribute is present, and it uses a Charset Parameter [RFC2046], set encoding to the result of "getting an encoding" using the Encoding Specification [Encoding Specification] for the portion of the Charset Parameter that is a label of an encoding.

    Example

    If blob has a type attribute of text/plain;charset=UTF-8 then "getting an encoding" is run using UTF-8 as the label. Note that user agents must parse and extract the portion of the Charset Parameter that constitutes a label of an encoding.

  5. If the "getting an encoding" steps above return failure, then set encoding to null.

  6. If encoding is null, then set encoding to utf-8.

  7. "Decode" [Encoding Specification] this blob using fallback encoding encoding, and return the result. On getting, the result attribute of the FileReader object returns a string in encoding format. The synchronous readAsText method of the FileReaderSync object returns a string in encoding format.

8.5.10. Events

When this specification says to make progress notifications for a read method while the read method is processing, queue a task to fire a progress event called progress at the FileReader object about every 50ms or for every byte read into memory, whichever is least frequent. At least one event called progress must fire before load is fired, and at 100% completion of the read operation; if 100% of blob can be read into memory in less than 50ms, user agents must fire a progress event called progress at completion.

Example

If a given implementation uses buffers of size 65536 bytes to read files, and thus limits reading operations to that size, and a read method is called on a file that is 65537 bytes, then that implementation must fire one progress event for the 65536 first bytes, one progress event for the 65537th byte (which is at completion of read), one load event and one loadend event.

When this specification says to fire a progress event called e (for some ProgressEvent e at a FileReader reader), the following are normative:

  • The progress event e does not bubble. e.bubbles must be false [DOM4]

  • The progress event e is NOT cancelable. e.cancelable must be false [DOM4]

  • The term "fire an event" is defined in DOM Core [DOM4]. Progress Events are defined in Progress Events [ProgressEvents].

8.5.10.1. Event Summary

The following are the events that are fired at FileReader objects; firing events is defined in DOM Core [DOM4].

Event name Interface Fired when…
loadstart ProgressEvent When the read starts.
progress ProgressEvent While reading (and decoding) blob
abort ProgressEvent When the read has been aborted. For instance, by invoking the abort() method.
error ProgressEvent When the read has failed (see errors).
load ProgressEvent When the read has successfully completed.
loadend ProgressEvent When the request has completed (either in success or failure).
8.5.10.2. Summary of Event Invariants

This section is informative. The following are invariants applicable to event firing for a given asynchronous read method in this specification:

  1. Once a loadstart has been fired, a corresponding loadend fires at completion of the read, EXCEPT if

    • the read method has been cancelled using abort() and a new read method has been invoked;

    • the event handler function for a load event initiates a new read;

    • the event handler function for a error event initiates a new read.

    Note
    The events loadstart and loadend are not coupled in a one-to-one manner.
    Example

    This example showcases "read-chaining" namely initiating another read from within an event handler while the "first" read continues processing.

    ECMAScript
    
        // In code of the sort...
        reader.readAsText(file);
        reader.onload = function(){reader.readAsText(alternateFile);}
        
        .....
    
        //... the loadend event must not fire for the first read
    
        reader.readAsText(file);
        reader.abort();
        reader.onabort = function(){reader.readAsText(updatedFile);}
    
        //... the loadend event must not fire for the first read
         
        
  2. One progress event will fire when blob has been completely read into memory.

  3. No progress event fires before loadstart.

  4. No progress event fires after any one of abort, load, and error have fired. At most one of abort, load, and error fire for a given read.

  5. No abort, load, or error event fires after loadend.

9. Reading on Threads

Web Workers allow for the use of synchronous File or Blob read APIs, since such reads on threads do not block the main thread. This section defines a synchronous API, which can be used within Workers [Web Workers]. Workers can avail of both the asynchronous API (the FileReader object) and the synchronous API (the FileReaderSync object).

9.1. The FileReaderSync Interface

This interface provides methods to synchronously read File or Blob objects into memory.

IDL


	[Constructor]
	interface FileReaderSync {

	  // Synchronously return strings

	  ArrayBuffer readAsArrayBuffer(Blob blob); 
	  DOMString readAsText(Blob blob, optional DOMString label);
	  DOMString readAsDataURL(Blob blob);
	};
	

9.1.1. Constructors

When the FileReaderSync() constructor is invoked, the user agent must return a new FileReaderSync object.

In environments where the global object is represented by a WorkerGlobalScope object, the FileReaderSync constructor must be available.

10.1.2. The readAsText method

When the readAsText(blob, label) method is called (the label argument is optional), the following steps must be followed:

  1. If an error occurs during reading of the blob parameter, throw the appropriate exception. Terminate these overall steps.

  2. If no error has occurred, read blob into memory. Return the data contents of blob using the encoding determination algorithm.

9.1.3. The readAsDataURL method

When the readAsDataURL(blob) method is called, the following steps must be followed:

  1. If an error occurs during reading of the blob parameter, throw the appropriate exception. Terminate these overall steps.

  2. If no error has occurred, read blob into memory. Return the data contents of blob as a Data URL [DataURL]

    • Use the blob's type attribute as part of the Data URL if it is available in keeping with the Data URL specification [DataURL] .
    • If the type attribute is not available on the blob return a Data URL without a media-type. [DataURL].

      Data URLs that do not have media-types [RFC2046] must be treated as plain text by conforming user agents. [DataURL].

9.1.4. The readAsArrayBuffer method

When the readAsArrayBuffer(blob) method is called, the following steps must be followed:

  1. If an error occurs during reading the blob parameter, throw the appropriate exception. Terminate these overall steps.

  2. If no error has occurred, read blob into memory. Return the data contents of blob as an ArrayBuffer [TypedArrays]

10. Errors and Exceptions

Error conditions can occur when reading files from the underlying filesystem. The list below of potential error conditions is informative.

10.1. Throwing an Exception or Returning an Error

This section is normative. Error conditions can arise when reading a file.

Synchronous read methods throw exceptions of the type in the table below if there has been an error with reading.

The error attribute of the FileReader object must return a DOMError object [DOM4] of the most appropriate type from the table below if there has been an error, and otherwise returns null.

Type Description
NotFoundError If the File or Blob resource could not be found at the time the read was processed, then for asynchronous read methods the error attribute must return a "NotFoundError" DOMError and synchronous read methods must throw a NotFoundError exception.
SecurityError If:
  • it is determined that certain files are unsafe for access within a Web application
  • it is determined that too many read calls are being made on File or Blob resources
  • it is determined that the file has changed on disk since the user selected it

then for asynchronous read methods the error attribute may return a "SecurityError" DOMError and synchronous read methods may throw a SecurityError exception.

This is a security error to be used in situations not covered by any other exception type.

NotReadableError If the snapshot state of a File or a Blob does not match the state of the underlying storage, then for asynchronous read methods the error attribute must return a "NotReadableError" DOMError and synchronous read methods must throw a NotReadableError exception. If the File or Blob cannot be read, typically due due to permission problems that occur after a snapshot state has been established (e.g. concurrent lock on the underlying storage with another application) then for asynchronous read methods the error attribute must return a "NotReadableError" DOMError and synchronous read methods must throw a NotReadableError exception.

11. A URL for Blob and File reference

This section defines a scheme for a URL used to refer to Blob objects (and File objects).

11.1. Requirements for a New Scheme

This specification defines a scheme with URLs of the sort: blob:550e8400-e29b-41d4-a716-446655440000#aboutABBA. This section provides some requirements and is an informative discussion.

11.2. Discussion of Existing Schemes

This section is an informative discussion of existing schemes that may have been repurposed or reused for the use cases for URLs above, and justification for why a new scheme is considered preferable. These schemes include HTTP [RFC2616], file [RFC1630][RFC1738], and a scheme such as urn:uuid [RFC4122]. One broad consideration in determining what scheme to use is providing something with intuitive appeal to web developers.

11.3. Definition of blob URL Scheme

This section defines a blob: URL scheme using a formal grammar. A blob: URL consists of the blob: scheme and an opaque string, along with an optional fragment identifier. In this specification an opaque string is a unique string which can be heuristically generated upon demand such that the probability that two are alike is small, and which is hard to guess (e.g. the Universally Unique IDentifier (UUID) as defined in [RFC4122] is an opaque string). A fragment identifier is optional, and if used, has a distinct interpretation depending on the media type of the Blob or File resource in question [RFC2046].

This section uses the Augmented Backus-Naur Form (ABNF), defined in [RFC5234]. All blob: URLs must follow this ABNF.

ABNF

	blob = scheme ":" opaqueString [fragIdentifier]

	scheme = "blob"

	; scheme is always "blob"

	; opaqueString tokens must be globally unique
	; opaqueString could be a UUID in its canonical form

	

11.3.1. The Opaque String

Opaque strings must NOT include any reserved characters from [RFC3986] without percent-encoding them. Opaque strings must be globally unique. Such strings should only use characters in the ranges U+002A to U+002B, U+002D to U+002E, U+0030 to U+0039, U+0041 to U+005A, U+005E to U+007E [Unicode], and should be at least 36 characters long. UUID is one potential option available to user agents for use with Blob URLs as opaque strings, and their use is strongly encouraged. UUIDs are defined in [RFC4122]. For an ABNF of UUID, see Appendix A.

11.4. Discussion of Fragment Identifier

The fragment's format, resolution and processing directives depend on the media type [RFC2046] of a potentially retrieved representation, even though such a retrieval is only performed if the blob: URL is dereferenced. For example, in an HTML file [HTML] the fragment identifier could be used to refer to an anchor within the file. If the user agent does not recognize the media type of the resource, OR if a fragment identifer is not meaningful within the resource, it must ignore the fragment identifier. Additionally, user agents must honor additional fragment processing directives given in the relevant media format specifications; in particular, this includes any modifications to the fragment production given in HTML [HTML]. The following section is normative for fragment identifers in general, though it should be noted that affiliated specifications may extend this definition.

ABNF

	fragIdentifier = "#" fragment

	; Fragment Identifiers depend on the media type of the Blob
	; fragment is defined in [RFC3986]
	; fragment processing for HTML is defined in [HTML]

	fragment    = *( pchar / "/" / "?" )

	pchar       = unreserved / pct-encoded / sub-delims / ":" / "@"

	unreserved    = ALPHA / DIGIT / "-" / "." / "_" / "~"

	pct-encoded   = "%" HEXDIG HEXDIG

	sub-delims    = "!" / "$" / "&" / "'" / "(" / ")"
	                 / "*" / "+" / "," / ";" / "="
	

A valid Blob URL reference could look like: blob:550e8400-e29b-41d4-a716-446655440000#aboutABBA where "#aboutABBA" might be an HTML fragment identifier referring to an element with an id attribute of "aboutABBA".

11.5. Dereferencing Model for Blob URLs

User agents must only support requests with GET [RFC2616]. If the Blob has a type attribute, or if the Blob has been created with a slice call which uses a contentType argument, responses to dereferencing the Blob URL must include the Content-Type header from HTTP [RFC2616] with the value of the type attribute or contentType argument. Responses to dereferencing the Blob URL must include the Content-Length header from HTTP [RFC2616] with the value of the size attribute. Specifically, responses must only support a subset of responses that are equivalent to the following from HTTP [RFC2616]:

11.5.1. 200 OK

This response [RFC2616] must be used if the request has succeeded, namely the blob: URL has been requested with a GET, and satisfies the lifetime requirement. If this response code is used, the user agent must also use a Content-Type header [RFC2616] with a value equal to the Blob object's type attribute. See blob: protocol examples.

11.5.2. Network Errors

Responses that do not succeed with a 200 OK must act as if a network error has occurred [XHR]. Network errors must be used when:

  • Any request method other than GET is used to dereference the URL.

  • The request does not satisfy the lifetime requirement.

  • The underlying resource has changed, moved, been deleted or has become invalid.

  • The permissions surrounding the underlying resource do not permit access.

  • Any error conditions occur with respect to accessing or reading the file.

  • A security error has occurred.

11.5.3. Request and Response Headers

This section provides sample exchanges between web applications and user agents using the blob: protocol. A request can be triggered using HTML markup of the sort <img src="blob:550e8400-e29b-41d4-a716-446655440000">, after a web application calls URL.createObjectURL on a given blob, which returns blob:550e8400-e29b-41d4-a716-446655440000 to dereference that blob. These examples merely illustrate the protocol; web developers are not likely to interact with all the headers, but the getAllResponseHeaders() method of XMLHttpRequest, if used, will show relevant response headers [XHR].

Example

Requests could look like this:

HEADERS

	GET 550e8400-e29b-41d4-a716-446655440000
	

If the blob has an affiliated media type [RFC2046] represented by its type attribute, then the response message should include the Content-Type header from RFC2616 [RFC2616]. See processing media types.

HEADERS

  
  200 OK
  Content-Type: image/jpeg
  Content-Length: 21897
  
  ....
	

If there is a file error or any other kind of error associated with the blob, then a user agent must act as if a network error has occurred.

11.5.3.1. Processing Media Types

If a Content-Type header [RFC2616] is provided (e.g. if the blob has an affiliated type attribute), then user agents should obtain and process that media type in a manner consistent with the Media Type Sniffing specification [MIMESNIFF].

11.6. Creating and Revoking a Blob URL

Blob URLs are created and revoked using methods exposed on the URL object, supported by global objects Window [HTML] and WorkerGlobalScope [Web Workers]. Revocation of a Blob URL decouples the Blob URL from the resource it refers to, and if it is dereferenced after it is revoked, user agents must act as if a network error has occurred. This section describes a supplemental interface to the URL specification [URL API] and presents methods for Blob URL creation and revocation.

IDL

	partial interface URL {

	    static DOMString? createObjectURL(Blob blob);
      static DOMString? createFor()Blob blob);
	    static void revokeObjectURL(DOMString url);
	};

	

ECMAScript user agents of this specification must ensure that they do not expose a prototype property on the URL interface object unless the user agent also implements the URL [URL API] specification. In other words, URL.prototype must evaluate to true if the user agent implements the URL [URL API] specification, and must NOT evaluate to true otherwise.

11.6.1. Methods and Parameters

The createObjectURL static method

Returns a unique Blob URL each time it is called on a valid blob argument, which is a non-null Blob in scope of the global object's URL property from which this static method is called. This method must act as follows:

  1. If called with a Blob argument that is NOT valid, then user agents must return null.

  2. If this method is called with a valid Blob argument, user agents must run the following sub-steps:

    1. Return a unique Blob URL that can be used to dereference the blob argument.
    2. Add an entry to the Blob URL Store for this Blob URL.
The createFor static method

Returns a unique Blob URL each time it is called on a valid blob argument. Blob URLs created with this method are said to be auto-revoking since user-agents are responsible for the revocation of Blob URLs created with this method, subject to the lifetime stipulation for Blob URLs. This method must act as follows:

  1. If called with a Blob argument that is NOT valid, then user agents must return null.

  2. If this method is called with a valid Blob argument, user agents must run the following steps:

    1. Return a unique Blob URL that can be used to dereference the blob argument.
    2. Add an entry to the Blob URL Store for this Blob URL.
    3. Add an entry in the Revocation List for this Blob URL.
Example

In the example below, after obtaining a reference to a Blob object (in this case, a user-selected File from the underlying file system), the static method URL.createObjectURL() is called on that Blob object.

ECMAScript

	var file = document.getElementById('file').files[0];
	if(file){
	  blobURLref = window.URL.createObjectURL(file);
	  myimg.src = blobURLref;

    ....

	}
	
The revokeObjectURL static method

Revokes the Blob URL provided in the string url argument, and removes the corresponding entry from the Blob URL Store. This method must be processed as follows:

  1. If the url refers to a Blob that is both valid and in the same origin of the global object's URL property on which this static method was called, user agents must remove the entry that for the URL on which URL.revokeObjectURL was called from the Blob URL Store; subsequent attempts to dereference this URL must return a network error response code.
  2. If the url refers to a Blob that is NOT valid OR if the value provided for the url argument is not a Blob URL OR if the url argument refers to a Blob that is NOT in the same origin as the global object's URL property, this method call does nothing. User agents may display a message on the error console.

The url argument to the revokeObjectURL method is a Blob URL string.

Example

In the example below, window1 and window2 are separate, but in the same origin; window2 could be an iframe [HTML] inside window1.

ECMAScript

	myurl = window1.URL.createObjectURL(myblob);
	window2.URL.revokeObjectURL(myurl);
	

Since window1 and window2 are in the same origin, the URL.revokeObjectURL call ensures that subsequent dereferencing of myurl results in a the user agent acting as if a network error has occurred.

11.6.2. Examples of Blob URL Creation and Revocation

Blob URLs are strings that dereference Blob objects, and can persist for as long as the document from which they were minted using URL.createObjectURL() - see Lifetime of Blob URLs.

This section gives sample usage of creation and revocation of Blob URLs with explanations.

Examples

In the example below, two img elements [HTML] refer to the same Blob URL:

ECMAScript

<script>url = URL.createObjectURL(blob); </script><script> img2.src=url;</script>

In the example below, URL.revokeObjectURL() is explicitly called.

ECMAScript

var blobURLref = URL.createObjectURL(file);
img1 = new Image();
img2 = new Image();

// Both assignments below work as expected

img1.src = blobURLref;
img2.src = blobURLref;

// ... Following body load
// Check if both images have loaded


if(img1.complete && img2.complete)
{
	// Ensure that subsequent refs throw an exception
	
	URL.revokeObjectURL(blobURLref);
}
else {

	msg("Images cannot be previewed!");
	
	// revoke the string-based reference
	
	URL.revokeObjectURL(blobURLref);

}

The example above allows multiple references to a single Blob URL, and the web developer then revokes the Blob URL string after both image objects have been loaded. While not restricting number of uses of the Blob URL offers more flexibility, it increases the likelihood of leaks; developers should pair it with a corresponding call to URL.revokeObjectURL.

ECMAScript

var blobURLref2 = URL.createFor(file);
img1 = new Image();

img1.src = blobURLref2;

....

The example above uses URL.createFor, which allows uses such as the one above, and obviates the need for a corresponding call by the web developer to URL.revokeObjectURL.

11.7. Lifetime of Blob URLs

Each unit of related similar origin browsing contexts [HTML] must maintain a Blob URL Store which is a list of Blob URLs that have been created using URL.createObjectURL or URL.createFor, and the blob resource that each Blob URL refers to. Additionally, each unit of related similar origin browsing contexts must maintain a Revocation List, consisting of Blob URLs that have been created with the URL.createFor method. When this specification says to add an entry to the Blob URL Store the user-agent must add the Blob URL created using URL.createObjectURL or URL.createFor, and a reference to the blob it refers to, to the list. When this specification says to add an entry to the The Revocation List, user agents must add any Blob URL created with the URL.createFor method; the Revocation List is only for auto-revoking Blob URLs. The Revocation List and the Blob URL Store must be processed together as follows:

  1. Add revoking all the URLs in the Revocation List to the global script cleanup jobs list, such that the following occurs when processing the global script cleanup jobs:
    1. For each Blob URL in the Revocation List, remove the corresponding entry from the Blob URL Store. Subsequent attempts to dereference any removed Blob URL results in a network error.

    2. When all the Blob URLs in the Revocation List have had their corresponding entries in the Blob URL Store removed, remove all the Blob URLs in the Revocation List.

  2. This specification adds an additional unloading document cleanup step [HTML]: user agents must remove all Blob URLs from the Blob URL Store within that document. If these Blob URLs are dereferenced, user agents must respond with a network error.

Blob URLs that are not in the Blob URL Store may be garbage collected by the user agent. Only Blob URLs created using URL.createFor are automatically removed from the Blob URL Store. The Revocation List and the Blob URL Store are used in conjunction with the Fetch Specification [Fetch] .

12. Security Considerations

This section is informative.

This specification allows web content to read files from the underlying file system, as well as provides a means for files to be accessed by unique identifiers, and as such is subject to some security considerations. This specification also assumes that the primary user interaction is with the <input type="file"/> element of HTML forms [HTML], and that all files that are being read by FileReader objects have first been selected by the user. Important security considerations include preventing malicious file selection attacks (selection looping), preventing access to system-sensitive files, and guarding against modifications of files on disk after a selection has taken place.

Editorial note

This section is provisional; more security data may supplement this in subsequent drafts.

13. Requirements and Use Cases

This section covers what the requirements are for this API, as well as illustrates some use cases. This version of the API does not satisfy all use cases; subsequent versions may elect to address these.

14. Appendix A

This section is informative and not normative.

15.1. An ABNF for UUID

The following is an informative ABNF [ABNF] for UUID, which is a strongly encouraged choice for the opaqueString production of Blob URLs.

ABNF

	UUID                   = time-low "-" time-mid "-"
	                         time-high-and-version "-"
	                         clock-seq-and-reserved
	                         clock-seq-low "-" node
	time-low               = 4hexOctet
	time-mid               = 2hexOctet
	time-high-and-version  = 2hexOctet
	clock-seq-and-reserved = hexOctet
	clock-seq-low          = hexOctet
	node                   = 6hexOctet
	hexOctet               = hexDigit hexDigit
	hexDigit =
	         "0" / "1" / "2" / "3" / "4" / "5" / "6" / "7" / "8" / "9" /
	         "a" / "b" / "c" / "d" / "e" / "f" /
	         "A" / "B" / "C" / "D" / "E" / "F"

	

15. Acknowledgements

This specification was originally developed by the SVG Working Group. Many thanks to Mark Baker and Anne van Kesteren for their feedback.

Thanks to Robin Berjon for editing the original specification.

Special thanks to Olli Pettay, Nikunj Mehta, Garrett Smith, Aaron Boodman, Michael Nordman, Jian Li, Dmitry Titov, Ian Hickson, Darin Fisher, Sam Weinig, Adrian Bateman and Julian Reschke.

Thanks to the W3C WebApps WG, and to participants on the public-webapps@w3.org listserv

16. References

17.1. Normative references

RFC2119
Key words for use in RFCs to Indicate Requirement Levels, S. Bradner. IETF.
HTML
HTML 5.1 Nightly: A vocabulary and associated APIs for HTML and XHTML (work in progress), I. Hickson. W3C.
ProgressEvents
Progress Events, A. van Kesteren. W3C.
RFC2397
The "data" URL Scheme, L. Masinter. IETF.
Web Workers
Web Workers (work in progress), I. Hickson. W3C.
DOM4
DOM4 (work in progress), A. Gregor, A. van Kesteren, Ms2ger. W3C.
Unicode
The Unicode Standard, Version 5.2.0., J. D. Allen, D. Anderson, et al. Unicode Consortium.
RFC2616
Hypertext Transfer Protocol -- HTTP/1.1, R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, T. Berners-Lee. IETF.
RFC2046
Multipurpose Internet Mail Extensions (MIME) Part Two: Media Extensions, N. Freed, N. Borenstein. IETF.
Encoding Specification
Encoding Living Standard, A. van Kesteren, J. Bell.
Typed Arrays
Typed Arrays (work in progress), V. Vukicevic, K. Russell. Khronos Group.
RFC5234
Augmented BNF for Syntax Specifications: ABNF, D. Crocker, P. Overell. IETF.
URL API Specification
URL API (work in progress), A. Barth. W3C.
WebIDL Specification
WebIDL (work in progress), C. McCormack.
ECMAScript
ECMAScript 5th Edition, A. Wirfs-Brock, P. Lakshman et al.
MIME Sniffing
MIME Sniffing (work in progress), A. Barth, I. Hickson.
XMLHttpRequest
XMLHttpRequest Living Standard, A. van Kesteren.

17.2. Informative References

Google Gears Blob API
Google Gears Blob API (deprecated)
RFC4122
A Universally Unique IDentifier (UUID) URN Namespace, P. Leach, M. Mealling, R. Salz. IETF.
RFC3986
Uniform Resource Identifier (URI): Generic Syntax, T. Berners-Lee, R. Fielding, L. Masinter. IETF.
RFC1630
Universal Resource Identifiers in WWW, T. Berners-Lee. IETF.
RFC1738
Uniform Resource Locators (URL), T. Berners-Lee, L. Masinter, M. McCahill. IETF.
WebRTC 1.0
WebRTC 1.0, A. Bergkvist, D. Burnett, C. Jennings, A. Narayanan. W3C.
Fetch Specification
Fetch Specification, A. van Kestern. WHATWG.