Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Web application access user's file system

Tags:

javascript

security

filesystems

web

I am creating a web application for my client. The application will be installed on a dedicated server within corporate network. He wants to see the list of his local files (from his local PC) on the web page. He means that any visitor can see the list of his local files from some folder.

I know that the web application cannot have access to visitor's file system. Browser limits this by design. Of course, there might be some browser extensions and applets and flash apps or even hacks.. But this is not that case.

But how can I explain this to him? He points me to the 'save as' or 'load file' dialogs and say that other applications can do this. I don't know how to explain him that this is just a browser's interaction.

I tried to google for some links to proofs, but cannot find something quickly.

Can you guys give me some links to the documents describing inability to access user's folder from web application?

like image 581
baldr Avatar asked Nov 16 '15 23:11

baldr

2 Answers

Finally I did a compilation of some quotations and it is done..

https://en.wikipedia.org/wiki/JavaScript#Security

scripts run in a sandbox in which they can only perform Web-related actions, not general-purpose programming tasks like creating files

https://www.us-cert.gov/publications/securing-your-web-browser

JavaScript, also known as ECMAScript, is a scripting language that is used to make websites more interactive. There are specifications in the JavaScript standard that restrict certain features such as accessing local files.

https://developer.mozilla.org/en-US/docs/Web/API/File_System_API/Introduction#restrictions

Because the file system is sandboxed, a web app cannot access another app's files. You also cannot read or write files to an arbitrary folder (for example, My Pictures and My Documents) on the user's hard drive.

like image 64
baldr Avatar answered Sep 23 '22 03:09

baldr

Mozilla. File System API Restrictions

Because the file system is sandboxed, a web app cannot access another app's files. You also cannot read or write files to an arbitrary folder (for example, My Pictures and My Documents) on the user's hard drive.

like image 20
Maksim Avatar answered Sep 21 '22 03:09

Maksim
Sign in to Comment

Related questions

packing irregular circles on surface of a sphere
Test how API handles invalid JSON syntax request body using node.js
d3 js Hierarchical edge bundling Data Format
How do you get p5.js into a website?
owl carousel scroll to clicked item
Kendo Grid and ui-sref rounding up number
Angular Routes / input autofocus
Meteor WebSocket connection to 'ws://.../websocket' failed: Error during WebSocket handshake: Unexpected response code: 400
How to open a local file with Javascript FileReader()
Using Jquery inside AngularJS directive good or bad idea?
How do pipe (stream of Node.js) and bl (BufferList) work together?
How to combine multiple FIlters together to filter Task Rows using jQuery?
Why is negative margin not working?
jquery file stops page title from showing
Nvd3.js - Adding multiple y-axis to cumulative chart
Making ElementArrayFinder from an array of ElementFinders
ASP.NET MVC Page not Updated when using AJAX
Owl Carousel video not responsively resizing
Make 'dropdown-content' same width as paper-dropdown-menu?
Setting up multiple forms / validations on same page

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!