- From: Michael A. Puls II <shadow2531@gmail.com>
- Date: Tue, 18 Aug 2009 18:38:00 -0400
- To: "Adam Barth" <w3c@adambarth.com>
- Cc: timeless@gmail.com, "Anne van Kesteren" <annevk@opera.com>, public-webapps@w3.org
On Tue, 18 Aug 2009 18:10:41 -0400, Adam Barth <w3c@adambarth.com> wrote: > On Tue, Aug 18, 2009 at 2:59 PM, Michael A. Puls > II<shadow2531@gmail.com> wrote: >> So, if you access the abarth directory in your browser's address field, >> it'll say: >> >> file:///afs/cs.stanford.edu/u/abarth (or >> file://localhost/afs/cs.stanford.edu/u/abarth in Opera) >> ? > > Yep. O.K. Thanks. >> If so, then indeed the access has to be further restricted by the >> directory >> also. >> >> Or, does it say something else? > > The point I'm trying to make is that the security model for file URLs > is tricky. Point definitely taken. > Mozilla does indeed separate by directory in an > interesting way. Is the exact way documented that you know of? > When interacting with the file system, we should be > careful to consider non-Windows file systems as well. Point taken. > We haven't even gotten into the fun of the /dev or /proc directories > yet. :) If you have access to dev and try to load a path to a current device, what happens in browsers currently? -- Michael
Received on Tuesday, 18 August 2009 22:38:46 UTC