JavaScript
baldr, 2015-11-17 03:49:45

Access to the visitor's files from the browser - how to explain what is prohibited?

I have a client who wants to get a page in the browser where the visitor can see a list of his local files from some folder...
I know this is not possible. You know it's impossible. Everybody knows. But how can I explain it to him? :)
He goes to some site, there is a button "Open Files from My Computer", he clicks, sees a file selection dialog, and does not believe that I cannot access his local files.
Maybe you know some links to specs that say browsers do not allow direct access to files?
I'm already very sleepy, I created a question on SO: stackoverflow.com/questions/33746680/web-applicati...
But maybe you will come up with something too :)
I just can't explain it in words... I need links to specs, or even just to Wikipedia, that say this cannot be done.
I know that you can write extensions for the browser, install some client code on the client's computer, and so on.
But this option will not work, you just need to explain that such functionality is prohibited.


3 answer(s)
Stalker_RED, 2015-11-17
@baldr

In fact, if the client really wants to, you can take a version of the browser with a well-known hole, and still get access to local files.

JavaScript and the DOM provide the potential for malicious authors to deliver scripts to run on a client computer via the Web. Browser authors contain this risk using two restrictions. First, scripts run in a sandbox in which they can only perform Web-related actions, not general-purpose programming tasks like creating files.
© https://en.wikipedia.org/wiki/JavaScript#Security
This specification allows web content to read files from the underlying file system, as well as provides a means for files to be accessed by unique identifiers, and as such is subject to some security considerations. This specification also assumes that the primary user interaction is with the <input type="file"/> element of HTML forms [HTML], and that all files that are being read by FileReader objects have first been selected by the user. Important security considerations include preventing malicious file selection attacks (selection looping), preventing access to system-sensitive files, and guarding against modifications of files on disk after a selection has taken place.
© www.w3.org/TR/FileAPI/#security-discussion
UPD: You can write your own protocol: stackoverflow.com/questions/2079276/adding-smb-to-...
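
The File API passage quoted above, as an added example that is not part of any answer in this thread: the helper collects everything a script learns from a file input once the dialog closes. The names `describeSelection` and `sampleInput` are made up for this illustration, and the sample values are constructed.

```javascript
// Everything a page script can learn from an <input type="file"> after the
// user closes the dialog: metadata of the chosen files and a masked path.
function describeSelection(input) {
  const files = Array.from(input.files || []);
  const value = input.value || '';
  return {
    // Per the HTML spec the value is "C:\fakepath\" + the first file's name,
    // on every OS; the real directory is never reported.
    reportedPath: value,
    realDirectoryExposed: value !== '' && !value.startsWith('C:\\fakepath\\'),
    files: files.map((f) => ({
      name: f.name, // base name only, no folder
      size: f.size,
      type: f.type,
      lastModified: f.lastModified,
    })),
  };
}

// Constructed sample mimicking what a browser hands to the page after the
// user picks one file from a folder that holds many others.
const sampleInput = {
  value: 'C:\\fakepath\\report.txt',
  files: [{ name: 'report.txt', size: 12, type: 'text/plain', lastModified: 0 }],
};

if (typeof document !== 'undefined') {
  // Browser wiring: the script cannot fill in or enumerate files itself,
  // it only receives what the user picked.
  const input = document.createElement('input');
  input.type = 'file';
  input.multiple = true;
  input.addEventListener('change', async () => {
    console.log(describeSelection(input));
    for (const f of input.files) {
      // Contents are readable, but only for the selected files.
      console.log(f.name, (await f.text()).slice(0, 80));
    }
  });
  document.body.appendChild(input);
} else {
  console.log(describeSelection(sampleInput));
}
```

Opening this in a page and picking a file shows the client exactly what the site sees: the chosen file's name, size and contents, and nothing about the rest of the folder.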

nirvimel, 2015-11-17
@nirvimel

Explain it this way: send him a link that, when clicked, shows: "All your files are now encrypted, transfer $100500 to wallet 64578934725243457938 to get the decryption key."

sim3x, 2015-11-17
@sim3x

Just a browser is not enough - install something like https://docs.python.org/2/library/simplehttpserver.html on the client's PC and give him the directory that he needs on the localhost.
