Open Bug 480764 Opened 13 years ago Updated 9 years ago

Local files with <input type="file"> should be allowed to see some full paths

Categories

(Core :: Layout: Form Controls, enhancement)

x86
macOS
enhancement
Not set
normal

Tracking

()

People

(Reporter: jruderman, Unassigned)

References

Details

(Keywords: testcase)

Attachments

(1 file)

Local files containing <input type="file"> should be allowed to see the full path if they're allowed to read the file (e.g. same directory or subdirectory).

Not a dup of bug 405630, since that's about reverting the security fix everywhere; this bug just wants it reverted for cases where the file can be read anyway.

Suggested by nemo:
http://www.squarefree.com/2009/02/05/file-upload/#comment-4582
Why? I sort of like being cosistent. And what if the user creates a sub directory with a sensitive name?
Was any luck on this, still we are unable to get the full path from file upload control but in IE it's working fine. We are able to get the full path in IE.
Was any luck on this, still we are unable to get the full path from file upload control but in IE it's working fine. We are able to get the full path in IE.
If we relax this security policy, it should probably follow security.fileuri.strict_origin_policy, only revealing the full path of files the current page can read.
You need to log in before you can comment on or make changes to this bug.