W3C home > Mailing lists > Public > whatwg@whatwg.org > September 2009

[whatwg] Fakepath revisited

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 14 Sep 2009 01:12:39 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0909140046350.5185@hixie.dreamhostps.com>
On Mon, 14 Sep 2009, Eduard Pascual wrote:
> 
> I already posted an example showing how fakepath can easily break 
> compatibility with well-written sites. I explicitly asked for 
> counter-arguments to it and none has been provided, but the argument 
> doesn't seem to be taken in consideration at all. Hence I'm wondering 
> how the compatibility arguments are treated here. Is compatibility with 
> an unknown-size niche of clearly bad-designed sites more important than 
> with potentially thousands of well-designed ones?

Dropping part of the file name in the rare case of a filename that 
contains a backslash seems like less of an issue that failing to accept 
the upload at all.


On Mon, 14 Sep 2009, Robert O'Callahan wrote:
> 
> This is a very minor issue and I'm fine with adding this to Gecko, 
> personally, except that first I really would like to see some specific 
> examples of sites that need this. There remains the faint possibility 
> that these sites already work in Firefox for some reason, and I'd like 
> to understand why, or if they don't, then I'd like to understand why we 
> haven't felt the need for this hack. Plus I think that in the spirit of 
> making decisions based on data, we should expect actual data to be 
> presented if possible, especially if requested, and here it seems like 
> it should be easy, yet I asked for specific examples earlier and none 
> have been forthcoming.

Here are some bug reports that I believe are caused by this issue:

   http://forums.linksysbycisco.com/linksys/board/message?board.id=Wireless_Routers&message.id=135649
   http://www.dslreports.com/forum/r21297706-Re-Tweak-Test-Need-help-tweaking
   http://www.rx8club.com/showpost.php?s=42aad353530dfa4add91a1f2a67b2978&p=2822806&postcount=3269

Based on this my guess is just that people haven't filed this bug because 
they haven't thought of it as a browser bug (notice how nobody in those 
threads even mentions the browser).

One of the sites I know aout that had this bug in Firefox and Safari was:

   https://www.freedfm.com/

...but it has now been fixed (search for 'strFileName.indexOf("\\")' in 
the source -- it was commented out last year).

Microsoft, in their blog post, refer to a number of other sites they 
tested, though they don't name them:

   http://blogs.msdn.com/ie/archive/2009/03/20/rtm-platform-changes.aspx

I would love more data.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Sunday, 13 September 2009 18:12:39 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:52 UTC