Ian Clelland created CB-5960:
--------------------------------
Summary: File API mishandles relative URLs that traverse
directories above the FS root
Key: CB-5960
URL: https://issues.apache.org/jira/browse/CB-5960
Project: Apache Cordova
Issue Type: Bug
Reporter: Ian Clelland
Filesystem URLs should not be able to use ".." path components to reach outside
of their sandbox. From the File API, ".." relative to a path resolves to the
paths parent directory, and the parent directory of the filesystem root is
itself.
So, if {{root}} is a DirectoryEntry representing the root of a filesystem, then
{code}
root.getFile("../file.txt", ...);
{code}
and
{code}
root.getFile("/file.txt", ...);
{code}
should resolve to the same file.
{code}
root.getDirectory("subdir_a/subdir_b", function(entry) {
entry.getFile("../file.txt", ...);
}, ...);
{code}
should resolve to "/subdir_a/file.txt"
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
