On Sat, Jan 9, 2010 at 2:44 AM, Victor Khimenko <k...@google.com> wrote:
> > On Sat, Jan 9, 2010 at 6:08 AM, Antoine Labour <pi...@google.com> wrote: > >> >> How about: >> >> int fd = open(file_or_url, O_RDONLY); >> if (fd >= 0) { >> close(fd); >> OpenLocalFile(file_or_url); >> } else { >> OpenURL(file_or_url); >> } >> >> Security risk. It's fine for interactive work (eve then it's risky), but > when script opens the file and you can shove local file where remote is > expected or vice versa... Think about it: > > $ mkdir https: > $ echo test > https://mail.google.com > $ cat https://mail.google.com > test > > Oops? > > I'm not sure I understand the security risk... If an attacker is able to write files on my disk I have a lot more things to worry about than my browser spoofing urls. In any case you can always OpenURL(string("file://") + urlencode(file_or_url)) instead of OpenLocalFile Antoine
-- Chromium Developers mailing list: chromium-dev@googlegroups.com View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-dev