<html>
<head>
<style>
P
{
margin:0px;
padding:0px
}
body
{
FONT-SIZE: 10pt;
FONT-FAMILY:Tahoma
}
</style>
</head>
<body>I used to like this this way of thinking, but past years is has become<BR>
a stereotype. Every jerk will come up and say just about that, don't<BR>
you think so? <BR>
<BR>
Some say:<BR>
> No, because it would be a major security issue. :-)<BR>
<BR>
No,<BR>not at all!<BR>
<BR>
There is nothing you can do with the contents of the image tag, except<BR>
display it (!your own image) on your own browser window, and after it gets<BR>
displayed and available (on your browser chache) you can retrieve the <BR>
image size and other properties as with any other image, but nothing more!<BR>
<BR>
What else could a malicious coder achieve with this?<BR>
<BR>
--<BR>
For this solution, to become fully functional in practice, it is necesary <BR>
to modify it in a proper way so the script would work in firefox also.<BR>
firefox will require a combined escaped version of the file address!<BR>
<BR>
> When the image in question is *on the local machine* IE7 reports a<BR>> fileSize of -1; didn't try it with any older versions, though.<BR><BR>
If I find time, I will look into this...<BR>
<BR>
Regards and thank's for your feedback<BR>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <BR> Troy III <BR> progressive art enterprise<BR>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<BR><BR><BR><BR>
<HR id=stopSpelling>
<BR>
> Date: Sat, 14 Jul 2007 13:03:20 -0700<BR>> From: hassan@webtuitive.com<BR>> To: javascript@LaTech.edu<BR>> Subject: Re: [Javascript] Resizing images client-side<BR>> <BR>> Troy III Ajnej wrote:<BR>> <BR>> > > Would love to see what you might make.<BR>> > <BR>> > Doesn't everybody, including myself, hope and expect my statement<BR>> > to be true to a certain extent?<BR>> <BR>> No, because it would be a major security issue. :-)<BR>> <BR>> > This will work on IE version browsers for sure<BR>> <BR>> Bzzzt! Nope, sorry.<BR>> <BR>> When the image in question is *on the local machine* IE7 reports a<BR>> fileSize of -1; didn't try it with any older versions, though.<BR>> <BR>> -- <BR>> Hassan Schroeder ----------------------------- hassan@webtuitive.com<BR>> Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com<BR>> <BR>> dream. code.<BR>> <BR>> _______________________________________________<BR>> Javascript mailing list<BR>> Javascript@LaTech.edu<BR>> https://lists.LaTech.edu/mailman/listinfo/javascript<BR><BR><br /><hr />Missed the show? Watch videos of the Live Earth Concert on MSN. <a href='http://liveearth.msn.com' target='_new'>See them now!</a></body>
</html>