W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: HTTP status code equivalents for file:// operations - compat with xhr

From: Michael A. Puls II <shadow2531@gmail.com>
Date: Tue, 18 Aug 2009 18:38:00 -0400
To: "Adam Barth" <w3c@adambarth.com>
Cc: timeless@gmail.com, "Anne van Kesteren" <annevk@opera.com>, public-webapps@w3.org
Message-ID: <op.uyvqhmfb1ejg13@sandra-svwliu01>
On Tue, 18 Aug 2009 18:10:41 -0400, Adam Barth <w3c@adambarth.com> wrote:

> On Tue, Aug 18, 2009 at 2:59 PM, Michael A. Puls  
> II<shadow2531@gmail.com> wrote:
>> So, if you access the abarth directory in your browser's address field,
>> it'll say:
>> file:///afs/cs.stanford.edu/u/abarth (or
>> file://localhost/afs/cs.stanford.edu/u/abarth in Opera)
>> ?
> Yep.

O.K. Thanks.

>> If so, then indeed the access has to be further restricted by the  
>> directory
>> also.
>> Or, does it say something else?
> The point I'm trying to make is that the security model for file URLs
> is tricky.

Point definitely taken.

> Mozilla does indeed separate by directory in an
> interesting way.

Is the exact way documented that you know of?

>  When interacting with the file system, we should be
> careful to consider non-Windows file systems as well.

Point taken.

> We haven't even gotten into the fun of the /dev or /proc directories  
> yet.  :)

If you have access to dev and try to load a path to a current device, what  
happens in browsers currently?

Received on Tuesday, 18 August 2009 22:38:46 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:18 UTC