From: Scott Ferguson <prettyfly.producti...@gmail.com> Date: Mon, 13 Jun 2011 15:30:27 +1000 > To clarify - is it only you that needs to be able to use this file link??
Yes, only me. The objective is to simplify my testing procedure. Of course, the time I've spent to understand it probably outweighs the time that will be saved. > If so - would you only be accessing it from Dalton (or where)?? Yes, only from Dalton. > Yes - that is as it should be. A web page should only be able to load a > file from within it's *purview*. So a http link should point to > somewhere within the root of the web server (eg. /var/www or > ~/public_html), and a file link should point to somewhere on the same > machine the link is served from (think of the authentication). Sorry to say, I have an argument. Consider the principle of user centrism. "http://en.wikipedia.org/wiki/User_centered_design"; Suppose user X sits in front of the console showing the Iceweasel interface and sees the text "file:///"<path>. Is that file URI any different whether it came from a remote machine or was typed in by X or was pasted to the URI bar from the clipboard. No. In all cases it is still that same text residing in a buffer used by Iceweasel. Furthermore, that file URI always refers the local filesystem; even if the "file:///"<path> was retrieved from a remote system. Therefore the browser should open the file URI equally well, regardless of origin. If a remotely originated file URI, or any URI, can be blocked from opening, OK; but the blockage should be configurable. Not hard coded. > So a http link should point to somewhere within the root of the web server ... Many Web pages contain links to pages on remote servers. > ... a file link should point to somewhere on the same machine the link is > served from ... "file:///"<path> is equivalent to "file://localhost/"<path>. This should be true regardless of the origin of the URI text. Where a file URI poses a significant threat, block it. The circumstance of viewing a file URI doesn't change its meaning. As I undertand http://kb.mozillazine.org/Security_Policies , Iceweasel with the correct settings in /etc/iceweasel/pref/iceweasel.js should open the file URI as I describe. Does Iceweasel have a problem not existing in Mozilla? A Mozilla forum or mailing list might help. Also I can file a bug report against Iceweasel and see what the maintainers say. Thanks for the extensive discussion, ... Peter E. -- Telephone 1 360 450 2132. bcc: peasthope at shaw.ca Shop pages http://carnot.yi.org/ accessible as long as the old drives survive. Personal pages http://members.shaw.ca/peasthope/ . -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/171057038.78606.51225@cantor.invalid
