@chrisccoulson and @ken-vandine: I think that what we can do is leave file:// alone and let apparmor policy make sure it can only access what is needed behind the scenes (already works for webapps). Then for File/Open style-functionality (eg, in convergence) we do the content-hub file-picker as you suggested.
This means that file:// specified in the location bar is pretty limited-- I wonder if it is worth disabling (but probably not, it will have some utility in the app-specific areas) or oxide/webbrowser-app could check the return code and return something more helpful than a blank page. IMHO, returning a blank page for file:// accesses outside of the app-specific areas is of course fine security-wise and is a matter of UX. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1393515 Title: browser allows browsing the phone filesystem To manage notifications about this bug go to: https://bugs.launchpad.net/canonical-devices-system-image/+bug/1393515/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
