Web应用程序访问用户的文件系统 [英] Web application access user's file system
问题描述
他希望在网页上看到他本地文件的列表(来自本地PC)。他意味着任何访问者都可以从某个文件夹中看到他本地文件的列表。 我知道 Web应用程序无法访问访问者的文件系统。浏览器按设计限制了这一点当然,可能会有一些浏览器扩展和小应用程序和Flash应用程序甚至黑客。但是,这不是这种情况。
我可以向他解释这个吗?他指向我的另存为或加载文件对话框,并说其他应用程序可以做到这一点。我不知道如何解释他,这只是一个浏览器的交互。
我试图谷歌的一些链接证明,但无法快速找到一些东西。您可以给我一些链接到描述无法从Web应用程序访问用户的文件夹的文件?
最后,我做了一些引文的汇编,它完成了。
https://en.wikipedia.org/wiki/JavaScript#Security
脚本运行在一个只能执行Web相关的
动作的沙箱中,而不是像创建文件那样的通用编程任务。
https://www.us-cert.gov/publications/securing-your-web-浏览器
JavaScript,也被称为ECMAScript,是一个sc用于使网站更具互动性的翻译语言。 JavaScript标准中有一些规范限制某些功能,比如访问本地文件。
https://developer.mozilla.org/en-US/docs/Web/API/File_System_API/Introduction#restrictions
因为文件系统是沙盒,所以一个web应用程序无法访问另一个应用程序的文件。您也无法将文件读取或写入用户硬盘驱动器上的任意文件夹(例如,我的图片和我的文档)。
I am creating a web application for my client. The application will be installed on a dedicated server within corporate network. He wants to see the list of his local files (from his local PC) on the web page. He means that any visitor can see the list of his local files from some folder.
I know that the web application cannot have access to visitor's file system. Browser limits this by design. Of course, there might be some browser extensions and applets and flash apps or even hacks.. But this is not that case.
But how can I explain this to him? He points me to the 'save as' or 'load file' dialogs and say that other applications can do this. I don't know how to explain him that this is just a browser's interaction.
I tried to google for some links to proofs, but cannot find something quickly.
Can you guys give me some links to the documents describing inability to access user's folder from web application?
Finally I did a compilation of some quotations and it is done..
https://en.wikipedia.org/wiki/JavaScript#Security
scripts run in a sandbox in which they can only perform Web-related actions, not general-purpose programming tasks like creating files
https://www.us-cert.gov/publications/securing-your-web-browser
JavaScript, also known as ECMAScript, is a scripting language that is used to make websites more interactive. There are specifications in the JavaScript standard that restrict certain features such as accessing local files.
https://developer.mozilla.org/en-US/docs/Web/API/File_System_API/Introduction#restrictions
Because the file system is sandboxed, a web app cannot access another app's files. You also cannot read or write files to an arbitrary folder (for example, My Pictures and My Documents) on the user's hard drive.
这篇关于Web应用程序访问用户的文件系统的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
