
[whatwg] [WF2] form submission protocols and methods

From: Alexey Feldgendler <alexey@feldgendler.ru>
Date: Tue, 20 Dec 2005 10:53:17 +0600
Message-ID: <op.s12fu3ar1h6og4@localhost>
On Tue, 20 Dec 2005 08:01:27 +0600, Maciej Stachowiak <mjs at apple.com> wrote:

> I don't think reading /dev/mouse will specifically do anything bad, but  
> I see your point. For file: in file: inclusion I think it would be wise  
> to exclude certain system paths such as /dev and /etc. I think this may  
> be done already.

I've just tried on my Opera for Linux. Opening file:///dev/input/mice  
(that's what I have instead of /dev/mouse) simply produces a blank page.  
But opening file:///dev/random causes Opera to stop responding to UI.

I think it's the responsibility of the browser developer to know what  
file: resources of the local OS are dangerous, and to avoid opening them.  
For example, on Linux it would be a safe bet to avoid opening anything  
other than regular files (i.e. character specials, block specials, fifos etc).

-- Opera M2 9.0 TP1 on Debian Linux 2.6.12-1-k7
* Origin: X-Man's Station at SW-Soft, Inc. [ICQ: 115226275]  
<alexey at feldgendler.ru>
Received on Monday, 19 December 2005 20:53:17 UTC
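
The check suggested in the message above (refuse anything other than a regular file), as an added C example that is not part of the original post or of any browser's code. `open_regular_only` is a hypothetical helper name, and the sample paths in `main` are constructed.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not from any browser): open `path` for a file: load
 * only if it names a regular file. Returns an fd, or -1 with errno set. */
int open_regular_only(const char *path)
{
    /* O_NONBLOCK keeps open() from hanging on a FIFO that has no writer. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor rather than stat() the path: the object that
     * was checked is then the object that gets read, even if the path is
     * swapped between the two calls. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;   /* char/block special, FIFO, socket, directory */
        return -1;
    }

    /* Regular file: restore ordinary blocking reads for the caller. */
    int fl = fcntl(fd, F_GETFL);
    if (fl == -1 || fcntl(fd, F_SETFL, fl & ~O_NONBLOCK) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(int argc, char **argv)
{
    /* Constructed sample paths; the two /dev entries are those tried in the message. */
    const char *defaults[] = { "/dev/random", "/dev/input/mice", "/etc/hostname" };
    const char **paths = argc > 1 ? (const char **)(argv + 1) : defaults;
    int n = argc > 1 ? argc - 1 : 3;
    for (int i = 0; i < n; i++) {
        int fd = open_regular_only(paths[i]);
        printf("%-20s %s\n", paths[i], fd >= 0 ? "load" : "refuse");
        if (fd >= 0)
            close(fd);
    }
    return 0;
}
```
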
