- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 26 Oct 2010 12:15:41 +0200
On Thu, 21 Oct 2010 02:20:57 +0200, Daniel Cheng <dcheng at chromium.org> wrote: > To clarify, I wasn't proposing that pages need to know details of a > particular OS. Things like "text/plain", "text/uri-list", "text/html", > etc. are automatically mapped by the UA to whatever the appropriate > platform > idiom is. > > I just thought it would be useful to also expose things that the UA > itself doesn't natively understand--it just gets passed through to the > web content. I was saying that if you get this on one OS but not another you might get pages that depend on a particular OS if not coded carefully. > However, this led to the above problem with filenames being exposed. This > can, to some extent, be mitigated by blacklisting certain types; I'm just > wondering if people feel that the additional utility is worth the risk of > potentially exposing file paths because of a chatty file manager, or if > anyone has any ideas on how to mitigate this risk. It should probably work with a whitelist. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 26 October 2010 03:15:41 UTC