W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: HTTP status code equivalents for file:// operations - compat with xhr

From: Adam Barth <w3c@adambarth.com>
Date: Tue, 18 Aug 2009 15:10:41 -0700
Message-ID: <7789133a0908181510h5adbabe1jab1d5b9145300b57@mail.gmail.com>
To: "Michael A. Puls II" <shadow2531@gmail.com>
Cc: timeless@gmail.com, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org
On Tue, Aug 18, 2009 at 2:59 PM, Michael A. Puls II<shadow2531@gmail.com> wrote:
> So, if you access the abarth directory in your browser's address field,
> it'll say:
>
> file:///afs/cs.stanford.edu/u/abarth (or
> file://localhost/afs/cs.stanford.edu/u/abarth in Opera)
> ?

Yep.

> If so, then indeed the access has to be further restricted by the directory
> also.
>
> Or, does it say something else?

The point I'm trying to make is that the security model for file URLs
is tricky.  Mozilla does indeed separate by directory in an
interesting way.  When interacting with the file system, we should be
careful to consider non-Windows file systems as well.

We haven't even gotten into the fun of the /dev or /proc directories yet.  :)

Adam
Received on Tuesday, 18 August 2009 22:11:41 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:33 GMT