On Sat, Jan 9, 2010 at 2:44 AM, Victor Khimenko <k...@google.com> wrote:

>
> On Sat, Jan 9, 2010 at 6:08 AM, Antoine Labour <pi...@google.com> wrote:
>
>>
>> How about:
>>
>> int fd = open(file_or_url, O_RDONLY);
>> if (fd >= 0) {
>>   close(fd);
>>   OpenLocalFile(file_or_url);
>> } else {
>>   OpenURL(file_or_url);
>> }
>>
> Security risk. It's fine for interactive work (even then it's risky), but
> when a script opens the file and you can shove local file where remote is
> expected or vice versa... Think about it:
>
> $ mkdir https:
> $ echo test > https://mail.google.com
> $ cat https://mail.google.com
> test
>
> Oops?
>
>
I'm not sure I understand the security risk... If an attacker is able to
write files on my disk I have a lot more things to worry about than my
browser spoofing urls.

In any case you can always OpenURL(string("file://") +
urlencode(file_or_url)) instead of OpenLocalFile

Antoine
-- 
Chromium Developers mailing list: chromium-dev@googlegroups.com 
View archives, change email options, or unsubscribe: 
    http://groups.google.com/group/chromium-dev
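
The two sides of the exchange above, as an added example that is not part of the original thread and not Chromium code: it replays the quoted shell session in a scratch directory and compares the `open()` probe with a classifier that looks only at the string's syntax. `Target`, `ClassifyByProbe`, `ClassifyBySyntax` and `ShadowDemo` are hypothetical names, and a POSIX system with a writable `/tmp` is assumed.

```cpp
#include <cctype>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

enum class Target { kLocalFile, kUrl };

// The probe from the thread: whatever opens on disk is treated as a local file.
Target ClassifyByProbe(const std::string& arg) {
  int fd = open(arg.c_str(), O_RDONLY);
  if (fd >= 0) close(fd);
  return fd >= 0 ? Target::kLocalFile : Target::kUrl;
}

// Syntax only: an RFC 3986 scheme followed by "://" is a URL, whatever is on disk.
Target ClassifyBySyntax(const std::string& arg) {
  size_t sep = arg.find("://");
  if (sep == std::string::npos || sep == 0) return Target::kLocalFile;
  for (size_t i = 0; i < sep; ++i) {
    unsigned char c = static_cast<unsigned char>(arg[i]);
    bool ok = std::isalpha(c) || (i > 0 && (std::isdigit(c) || c == '+' || c == '-' || c == '.'));
    if (!ok) return Target::kLocalFile;
  }
  return Target::kUrl;
}

// Replays the thread's shell session in a scratch directory (assumes a writable /tmp).
bool ShadowDemo(Target* by_probe, Target* by_syntax) {
  const std::string arg = "https://mail.google.com";  // string used in the thread
  char tmpl[] = "/tmp/shadow-demo-XXXXXX", cwd[4096];
  if (!getcwd(cwd, sizeof cwd) || !mkdtemp(tmpl) || chdir(tmpl) != 0) return false;
  int fd = mkdir("https:", 0700) == 0 ? open(arg.c_str(), O_WRONLY | O_CREAT, 0600) : -1;
  if (fd >= 0) close(fd);
  *by_probe = ClassifyByProbe(arg);
  *by_syntax = ClassifyBySyntax(arg);
  unlink(arg.c_str());
  rmdir("https:");
  bool restored = chdir(cwd) == 0;
  rmdir(tmpl);
  return fd >= 0 && restored;
}

int main() {
  Target p = Target::kUrl, s = Target::kUrl;
  bool ok = ShadowDemo(&p, &s);
  std::printf("probe=%d syntax=%d (0=local file, 1=URL)\n", int(p), int(s));
  return ok ? 0 : 1;
}
```

With the probe, the result depends on the contents of the current working directory; with the syntax check, the same string always maps to the same handler.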
