[Discuss] html issue

John Abreau abreauj at gmail.com
Sun Jun 5 12:35:41 EDT 2022


Just noticed this unread thread in my inbox.

The issue is that firefox, and I imagine other web browsers, won't follow
file:// urls from a web page; such urls work when entered directly at the
address bar, but are ignored when placed within an html document. I believe
it's a security measure intended to thwart cross-site scripting attacks.



On Thu, Apr 7, 2022 at 5:34 PM dan moylan <jdm at moylan.us> wrote:

>
> gregory galperin wrote:
> > On Thu, Apr 07, 2022 at 03:28:30PM -0400, dan moylan wrote:
> > >
> > > dale worely wrote:
> >
> > > > On Thu, Apr 07, 2022 at 02:30:26PM -0400, dan moylan wrote:
> > > > > i'm probably shooting myself in the foot somewhere.  note the
> > > > > attached file at the end (tst.htm).  when i invoke this
> > > > > directly (file:///home/moylan/www/moy/lnk/tst.htm), FLI-?
> > > > > works in each and every instance.  when i call this file
> > > > > from a link on my home page (which consists of a nest of
> > > > > several frames), i see:
> > > > >
> > > > >   FLI-0: nothing
> > > > >   FLI-1: The requested URL was not found on this server.
> > > > >   FLI-2: aok
> > > > >   FLI-3: aok
> > > > >   FLI-4: aok
> > > > >   FLI-5: The requested URL was not found on this server.
> > > > >   FLI-6: The requested URL was not found on this server.
> > > > >
> > > > > in any event, my immediate issue is resolved (i can do what
> > > > > i need to do), but i'm still curious as to what's going on.
> > > > >
> > > > > thanks all for looking at my issue.
> > > > >
> > > > > ole dan
> > > >
> > > > <html>
> > > > <head>
> > > >   <base target="_top">
> > > >   <title>"TST"</title>
> > > > </head>
> > > > <body>
> > > > <div align=center>
> > > > <b><font size=+2>TST</b></font><hr>
> > > > </div>
> > > > <ul>
> > > >   <li><a href="file:///home/moylan/www/moy/lnk/htm/fli.htm">FLI-0</a>
> > > >   <li><a href="/home/moylan/www/moy/lnk/htm/fli.htm">FLI-1</a>
> > > >   <li><a href="htm/fli.htm">FLI-2</a>
> > > >   <li><a href="../lnk/htm/fli.htm">FLI-3</a>
> > > >   <li><a href="../../moy/lnk/htm/fli.htm">FLI-4</a>
> > > >   <li><a href="../../../www/moy/lnk/htm/fli.htm">FLI-5</a>
> > > >   <li><a href="../../../../moylan/www/moy/lnk/htm/fli.htm">FLI-6</a>
> > > > </ul>
> > > > </body>
> > > > </html>
> > >
> > > > that looks like the browser process doesn't have privs to
> > > > access anything "above" /home/moylan/www/ -- what's the
> > > > user, group, chmod on those dirs above, what uid & gid is
> > > > the browser process running as?
> > >
> > > not so -- when tst.htm was invoked directly, and not via
> > > another link, there were no priv issues, and the browser
> > > accessed the file just fine in every instance, including
> > > "above" /home/moylan/www.
>
> > I'm reaching a bit, but I could imagine the browser knowing what its
> > working dir is and stripping that off an absolute path to use a relative
> > path below it.
>
> that would not provide an explanation for why tst.htm would
> work perfectly when invoked on its own, but not when called
> from another link from my home page.  actually i tried
> calling it from just another link and it functioned
> perfectly.
>
> > got another explanation? ;)
>
> something to do with frames?  if so too abstruse for me.
>
> > another thing I wondered was whether any of these dirs were symlinks, since
> > in that case ../dirsymlink/ isn't a no-op.
>
> no symlinks in the path.
>
> thanks for the help,
> ole dan
>
> j. daniel moylan
> 84 harvard ave
> brookline, ma 02446-6202
> 617-777-0207 (cel)
> jdm at moylan.us
> www.moylan.us
> [BLM]
>


-- 
John Abreau / Executive Director, Boston Linux & Unix
Email: abreauj at gmail.com / WWW http://www.abreau.net / PGP-Key-ID 0x920063C6
PGP-Key-Fingerprint A5AD 6BE1 FEFE 8E4F 5C23  C2D0 E885 E17C 9200 63C6
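
Added example, not part of the original thread: the seven links from tst.htm resolved with the standard URL algorithm against both ways of opening the page, which reproduces the reported results. Assumptions: the home page is served over HTTP (the "not found on this server" text suggests a web server), the document root is /home/moylan/www, and the host name localhost is a placeholder.

```javascript
// The hrefs exactly as they appear in the posted tst.htm.
const HREFS = {
  "FLI-0": "file:///home/moylan/www/moy/lnk/htm/fli.htm",
  "FLI-1": "/home/moylan/www/moy/lnk/htm/fli.htm",
  "FLI-2": "htm/fli.htm",
  "FLI-3": "../lnk/htm/fli.htm",
  "FLI-4": "../../moy/lnk/htm/fli.htm",
  "FLI-5": "../../../www/moy/lnk/htm/fli.htm",
  "FLI-6": "../../../../moylan/www/moy/lnk/htm/fli.htm",
};

// Assumed values (not stated in the thread): document root and HTTP base URL.
const DOC_ROOT = "/home/moylan/www";
const HTTP_BASE = "http://localhost/moy/lnk/tst.htm";
const FILE_BASE = "file:///home/moylan/www/moy/lnk/tst.htm";
const TARGET = "/home/moylan/www/moy/lnk/htm/fli.htm";

function classify(href, base) {
  const page = new URL(base);
  const url = new URL(href, base); // same resolution a browser performs

  // A page loaded over http(s) may not link into file:, so the click does nothing.
  if (url.protocol === "file:" && page.protocol !== "file:") {
    return "blocked by browser";
  }
  // file: paths are filesystem paths; http paths are mapped under the document
  // root, and ".." segments can never climb above "/" in a URL.
  const fsPath = url.protocol === "file:" ? url.pathname : DOC_ROOT + url.pathname;
  return fsPath === TARGET ? "aok" : "not found";
}

function report(base) {
  return Object.fromEntries(
    Object.entries(HREFS).map(([name, href]) => [name, classify(href, base)])
  );
}

console.log("opened as file://", report(FILE_BASE));
console.log("opened over http ", report(HTTP_BASE));
```

Under these assumptions FLI-5 and FLI-6 fail over HTTP because the extra `..` segments are clamped at the server root, leaving paths such as /www/moy/lnk/htm/fli.htm that do not exist under the document root.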

