- From: Adam Barth <w3c@adambarth.com>
- Date: Tue, 18 Aug 2009 15:10:41 -0700
- To: "Michael A. Puls II" <shadow2531@gmail.com>
- Cc: timeless@gmail.com, Anne van Kesteren <annevk@opera.com>, public-webapps@w3.org
On Tue, Aug 18, 2009 at 2:59 PM, Michael A. Puls II<shadow2531@gmail.com> wrote: > So, if you access the abarth directory in your browser's address field, > it'll say: > > file:///afs/cs.stanford.edu/u/abarth (or > file://localhost/afs/cs.stanford.edu/u/abarth in Opera) > ? Yep. > If so, then indeed the access has to be further restricted by the directory > also. > > Or, does it say something else? The point I'm trying to make is that the security model for file URLs is tricky. Mozilla does indeed separate by directory in an interesting way. When interacting with the file system, we should be careful to consider non-Windows file systems as well. We haven't even gotten into the fun of the /dev or /proc directories yet. :) Adam
Received on Tuesday, 18 August 2009 22:11:41 UTC