Menu
If you click on the Post on the top right, then drop an image onto the box, Facebook will fail to recognize it as an image and tries to read it as a link. This is not the main point though.
The weird part is that it knows what the fullpath is.
This shouldn't be happening since Chrome is sandboxed, and every path, in theory, should be changed to "fakepath" for security reasons.
Somehow Facebook managed to do that. But the question is, how?
291
To extract filename from the file, we use “GetFileName()” method of “Path” class. This method is used to get the file name and extension of the specified path string. The returned value is null if the file path is null.
You can determine the absolute path of any file in Windows by right-clicking a file and then clicking Properties. In the file properties first look at the "Location:" which is the path to the file.
Windows XP sends the whole path with the content type text/uri-list.
Here's a snippet that reproduces this fact:
<textarea ondrop="console.log(event.dataTransfer.getData('text/uri-list')); event.preventDefault();">
</textarea>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
