[Javascript] RE: Opening file on server from client PC via link

Peter Brunone peter at brunone.com
Wed Nov 14 11:50:49 CST 2001 

    Once again, you're trying to open a file on the client PC, as evidenced
by the fact that the path begins with a drive letter.
You...can't...do...that.  I don't know how else to say it.  If you find a
way, then it's a security hole that should be reported to the browser
vendor.

    You can open files from the server, but then the path will be of the
form "servername/foldername/filename.ext", or possibly just
"folder/file.ext" or "file.ext", with the rest of the path implied... but
you are simply not allowed to open client files automatically from a web
page.

| (I can recall instances where I went
| to save files and it ended up trying to go to the floppy disk for
example).

    The default path to save files has very little, if anything, to do with
auto-opening a client file through the browser.  AFAIK, it's determined by
either a browser setting or the last place you saved something.  As always,
let me know if I'm totally misunderstanding your question, but it seems like
you're still trying to do the same thing, which shouldn't be allowed.

Cheers,

Peter

----- Original Message -----
From: <phumes1 at home.com>
To: <javascript at LaTech.edu>
Sent: Wednesday, November 14, 2001 7:34 AM
Subject: [Javascript] RE: Opening file on server from client PC via link


|
| Hi,
|
| Yes...me again!
|
| I'm using the following code to open a file in UltraEdit. It's working
| except for the file path specified in the editor when the file gets
opened.
|
| <header name="Content-Disposition" value="inline; filename=test.dat">
| <content type="application/dat" file="d:/dir1/subdir1/test.dat"
| deletefile="No">
|
|
|
| [D:\Documents and Settings\user.name\Local Settings\Temporary Internet
| Files\Content.IE5\SD6XVCDR\filename[1].dat]
|
| Below is a reply I received from a forum regarding my problem.
|
| <quote>
|
| Not. RFC 2616 explicitly forbids the interpreation of path info by a
| browser because it could be a security risk. So your browser will not pass
| this info on to UltraEdit.
|
| </quote>
|
| This is correct but I think it was an intentional interpretation. I know
| that people have "hacked" around this (I can recall instances where I went
| to save files and it ended up trying to go to the floppy disk for
example).
|

More information about the Javascript mailing list