
Re: Firefox PDF download - strange behaviour.



On Tue, 18 Jan 2022, at 04:51, songbird wrote:
> Jeremy Nicoll wrote:
>> On Mon, 17 Jan 2022, at 05:19, songbird wrote:
>>
>>>   you are right, but i just wanted to say that for some sites
>>> the behavior is to generate a unique file name if they find
>>> one that already exists with the same name and for other sites
>>> it is not.  i think this is dependent upon the website designers
>>> and not firefox.
>>
>> Are you saying that code on a webpage can interrogate my 
>> file system to see whether certain files exist?  I don't like the
>> sound of that.
>
>   you are running the webpage on your browser so it is your
> own computer and your own program that is doing the accessing
> just like any other program you run.

The problem is that a user would normally only expect a browser to
save a file to the file-system in two cases:

(a) when the user has explicitly chosen to download something, and 
   then chooses where to put it

(b) when the browser is caching content, or manipulating its own
  config files

In both those cases it's code written by the browser's developers 
that's doing the writing.

The new situation will allow any JS written by any page developer to
access my files.  I am unconvinced that this will never lead to malware
doing things to files/folders on my system without my knowledge.

It's a BIG change to users' expectations of what a browser can do.

Users with no technical knowledge could get bitten by this.


> what controls you wish
> to put on the access to your file system and how you do that
> is up to you and your own desires and capabilities.

I don't think it should be up to me.  I'd prefer to prohibit any JS 
in a browser from doing that.


> but what i do is set where files are saved in a
> specific directory and leave it at that

That works fine while you can be sure that a browser is only 
saving downloaded files.  What about when it can do anything
it likes to any file/folder?

-- 
Jeremy Nicoll - my opinions are my own.

