Can I kill option 1 right away? Capturing file:// in the browser won't even work as a band-aid in the short term. All it would take to get around that would be for me to open a page that contains some links to file: URLs and navigate to them. Yes, we have an API to intercept navigations in the main frame, but then I could get around that by making sure they navigate a subframe. Even if we had an API to intercept subframe navigations (and we definitely shouldn't), a webpage can still embed media or image elements pointing to file: URLs (of course, same origin restrictions prevent a remote attacker from being able to access the contents them, but a page can still display them to the user).
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1393515 Title: browser allows browsing the phone filesystem To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1393515/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
