Closed
Bug 561430
Opened 14 years ago
Closed 14 years ago
html <input type=file> returns only filename not fully path + filename
Categories
(SeaMonkey :: General, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 405630
People
(Reporter: info, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.9) Gecko/20100317 SeaMonkey/2.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1.9) Gecko/20100317 SeaMonkey/2.0.4 a) focus is not set correctly to open as button on call of html file containing <input type=file ...> b) path returned by file open dialog contains only filename without any path Reproducible: Always Steps to Reproduce: 1.produce html file with <input type=file accept="image/*" name=test onchange="alert(this.value)> 2.run html file and run file dialog 3.alert contains only filename, not fully path to file Actual Results: a) no focus on open file button b) no fully path returned c) no crash, no error reported Expected Results: return fully path as on seamonkey 1.1.8 firefox 3.6 produces same result but focus on open button (input type=file) is correct set
|
||
Comment 1•14 years ago
|
||
b) is prevented for privacy reasons. On UNIX like systems it can disclose your user name which is often present in the file path.
(In reply to comment #1) > b) is prevented for privacy reasons. On UNIX like systems it can disclose your > user name which is often present in the file path. why does this works on seamonkey 1.1.8 very well ?
|
||
Comment 3•14 years ago
|
||
because the privacy issue got fixed in Gecko 1.9 (dupe of bug 405630 )
Is it possible to get fully path information with "signed.applets.codebase_principal_support;true" as workaround ? We need fully path information for a link list as on seamonkey 1.1.8
according to the other bug, if you establish permissions correctly, yes.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Why is there no switch in options or about:config for this, so the user should decide ? Our intranet applications does not work properly on seamonkey 2.0.x or firefox due to this change in handling of <input type=file>.
prefs for this would be used by people who wouldn't understand the risk. they'd forget they've enabled it and would be exploited by the web at large. fix your web application.
And what about prefs for javascript especially for hiding windows and hiding of statusline ? Do people understand the risk ? Why didn't you fix it in seamonkey 1.x if it is actually a severe security issue ? It's not the point to fix it with some lines of php. The question is why do we need html at all ? I hope in html5 there will be no <input type=file> included because it is useless.
the status line's data is unreliable (onmouseover window.status=, or onclick window.location=), so hiding it isn't relevant. if the user doesn't care about misleading and unreliable hints, then there's no reason for us to care either. we don't support "hiding windows", so i'm not sure what you're talking about (nor do i care in this bug. if you want to rant, please use a support channel). however i do know that you're wasting my time. this is not a support channel, and i'm not paid to answer your questions. as a general rule, we don't make changes in minor versions which could cause incompatible behaviors. the behavior you're relying on worked in seamonkey 1.1, if we broke it, then you'd decide that security updates are bad and not update. for a major version update, we're more willing to make changes which might break web applications.
Status: RESOLVED → VERIFIED
|
Reporter | |
Comment 10•14 years ago
|
||
on google try the following: firefox input type=file
|
||
Comment 11•14 years ago
|
||
most of the hits talk about styling it. thanks for giving me a useless query. please deposit 25USD.
You need to log in
before you can comment on or make changes to this bug.
Description
•