Posted by David E. Ross on 03/08/07 00:52

Mike.Duffy wrote:
> "David E. Ross" <nobody@nowhere.not> wrote in
> news:yJOdnahqQeUhsHvYnZ2dnUVZ_qrinZ2d@iswest.net:
>
>> Mike.Duffy wrote:
>>> What is the default directory in the client file system that is used
>>> for file urls?
>
>> In general, an attempt to access a file from a local file system via a
>> Web page on a Web server will fail. Most newer browsers will reject
>> the attempt
>
> I discovered by trial & error that it does work, (IE6SP1) and the default
> is "C:\". The syntax is very specific. On the server, you can put the
> full path, i.e. within url
>
> http://index.htm
>
> you can use
>
> <a href="file://C:/Sub_dir/Index.htm">Click Here!</a>
>
> as well, you can use just the file name, but not as expected.
>
>
> This works:
>
> <a href="file:/Index.htm">Click Here!</a>
>
>
> but you cannot use:
>
> <a href="file:Index.htm">Click Here!</a>
>
> nor
>
> <a href="file://Index.htm">Click Here!</a>
>
> For unknow reasons, it takes a long time (~30 sec) to fail.
>
>
> An interesting sidenote is that you can use:
>
> <a href="file://server/share/Index.htm">Click Here!</a>
>
> to access a shared resource.
>
> <img ..> tags work perfectly as well. Note that there is a limit on the
> length of the string. The above "full" path works, but not the complete
> "My Documents" path.
>
> I also tried putting an "exe" file as a reference, but it just displays
> all of the files in the directory instead of executing the file. (Kudos
> to MS for not leaving a huge security hole here!)
>
> Another interesting thing is that if you type a file url directly into
> the address bar, environment variables are actually expanded!, i.e.:
>
> file://%SystemRoot%/Index.htm
>
> will look for "Index.htm" in C:\Windows\System". However, if the %..%
> string is within an existing file (i.e. the http file), they will not be
> expanded on the client system.

You are citing IE6. On a Web page loaded from an external Web server, I
believe IE7 and newer Mozilla browsers will not load a file from a local
machine. It likely won't work also from Opera or Safari.

Accessing a local file from the Internet as if it were a Web page is
considered a security vulnerability. However, there are ways for a user
to upload a local file to a server. For an example, go to
<http://validator.w3.org/> and scroll down to "Validate by File Upload".

--
David E. Ross
<http://www.rossde.com/>

Natural foods can be harmful: Look at all the
people who die of natural causes.

• Next in forum: Need directions with 3-cols fixed width/height layout with expandable images on both sides of text
• Prev in forum: CSS-style XML Definition List?
• Thread view: Re: Default dir for file urls.

[Reply to this message]