Web 应用程序访问用户的文件系统 [英] Web application access user's file system
问题描述
我正在为我的客户创建一个 Web 应用程序.该应用程序将安装在公司网络内的专用服务器上.他想在网页上查看他的本地文件列表(来自他的本地 PC).他的意思是任何访问者都可以从某个文件夹中看到他的本地文件列表.
I am creating a web application for my client. The application will be installed on a dedicated server within corporate network. He wants to see the list of his local files (from his local PC) on the web page. He means that any visitor can see the list of his local files from some folder.
我知道 Web 应用程序无法访问访问者的文件系统.浏览器通过设计限制了这一点.当然,可能会有一些浏览器扩展、小程序和 Flash 应用程序,甚至黑客......但事实并非如此.
可是我怎么跟他解释呢?他将我指向另存为"或加载文件"对话框,并说其他应用程序可以执行此操作.不知道怎么跟他解释这只是浏览器的交互.
But how can I explain this to him? He points me to the 'save as' or 'load file' dialogs and say that other applications can do this. I don't know how to explain him that this is just a browser's interaction.
我试图用谷歌搜索一些证明的链接,但无法快速找到.
I tried to google for some links to proofs, but cannot find something quickly.
你们能给我一些描述无法从网络应用程序访问用户文件夹的文档的链接吗?
Can you guys give me some links to the documents describing inability to access user's folder from web application?
推荐答案
最后整理了一些语录,大功告成..
Finally I did a compilation of some quotations and it is done..
https://en.wikipedia.org/wiki/JavaScript#Security
脚本在沙箱中运行,在沙箱中它们只能执行与 Web 相关的操作,而不是像创建文件这样的通用编程任务
scripts run in a sandbox in which they can only perform Web-related actions, not general-purpose programming tasks like creating files
https://www.us-cert.gov/publications/securing-your-web-浏览器
JavaScript,也称为 ECMAScript,是一种脚本语言,用于使网站更具交互性.JavaScript 标准中有一些规范限制某些功能,例如访问本地文件.
JavaScript, also known as ECMAScript, is a scripting language that is used to make websites more interactive. There are specifications in the JavaScript standard that restrict certain features such as accessing local files.
https://developer.mozilla.org/en-US/docs/Web/API/File_System_API/Introduction#restrictions
因为文件系统是沙盒化的,一个网络应用程序不能访问另一个应用程序的文件.您也无法在用户硬盘上的任意文件夹(例如,我的图片和我的文档)中读取或写入文件.
Because the file system is sandboxed, a web app cannot access another app's files. You also cannot read or write files to an arbitrary folder (for example, My Pictures and My Documents) on the user's hard drive.
这篇关于Web 应用程序访问用户的文件系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
