On Thu, 21 Oct 2010 02:20:57 +0200, Daniel Cheng <[email protected]> wrote:
> To clarify, I wasn't proposing that pages need to know details of a
> particular OS. Things like "text/plain", "text/uri-list", "text/html",
> etc. are automatically mapped by the UA to whatever the appropriate
> platform idiom is.
> I just thought it would be useful to also expose things that the UA
> itself doesn't natively understand--it just gets passed through to the
> web content.

I was saying that if you get this on one OS but not another you might get
pages that depend on a particular OS if not coded carefully.

> However, this led to the above problem with filenames being exposed. This
> can, to some extent, be mitigated by blacklisting certain types; I'm just
> wondering if people feel that the additional utility is worth the risk of
> potentially exposing file paths because of a chatty file manager, or if
> anyone has any ideas on how to mitigate this risk.

It should probably work with a whitelist.
--
Anne van Kesteren
http://annevankesteren.nl/
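
The two filtering approaches discussed in this thread, compared on one drag payload (an added example, not code from either message or from any UA). The `application/x-example-*` type names, the sample paths and the `/home/` check are constructed for illustration; only the three allowed types come from the thread.

```javascript
// Types the thread names as ones the UA maps to platform idioms itself.
const ALLOWED_TYPES = new Set(["text/plain", "text/uri-list", "text/html"]);

// Hypothetical denylist: path-carrying types the UA author already knows about.
const DENIED_TYPES = new Set(["application/x-example-known-file-list"]);

// Normalise a type label: drop parameters such as ";charset=utf-8", lower-case.
function normalizeType(type) {
  return String(type).split(";")[0].trim().toLowerCase();
}

// Denylist policy: pass every platform type through unless it is listed.
function exposeWithDenylist(items) {
  return items.filter((item) => !DENIED_TYPES.has(normalizeType(item.type)));
}

// Allowlist policy: pass a platform type through only if it is listed.
function exposeWithAllowlist(items) {
  return items.filter((item) => ALLOWED_TYPES.has(normalizeType(item.type)));
}

// Constructed payload from a "chatty" file manager: two ordinary types plus
// two private types that carry the local path of the dragged file.
const SAMPLE_DRAG = [
  { type: "text/plain", data: "report.txt" },
  { type: "Text/URI-List; charset=utf-8", data: "https://example.org/report.txt" },
  { type: "application/x-example-known-file-list", data: "/home/alice/private/report.txt" },
  { type: "application/x-example-newer-file-list", data: "/home/alice/private/report.txt" },
];

// Demo-only check: which exposed types still carry a local path?
function leakedPathTypes(items) {
  return items
    .filter((item) => item.data.startsWith("/home/"))
    .map((item) => item.type);
}

console.log("denylist leaks:", leakedPathTypes(exposeWithDenylist(SAMPLE_DRAG)));
console.log("allowlist leaks:", leakedPathTypes(exposeWithAllowlist(SAMPLE_DRAG)));
```

The denylist stops only the type it already knows, so the newer file-manager type reaches the page with the path intact; the allowlist drops both without needing to know either name.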