Hallo!

We have troubles (post XP SP2) to open local folders from the web application:

- the web application allows users to select a local file (input type=file)
- the system DOES NOT upload the file but stores the path to the folder containing this file into a
database.
- the path to the local folder is linked as <a href=file:///blablabla/folder>Open folder</a>
- we used to be able to open the folder by clicking on the link above but SP2 blocks content that
does not originate from the same source as the rest of the application which is usually good ;)

Is there a way to circumvent this limitation cause it renders a large part of our application
useless??

Thanks!
Yuri

Yuri Vorontsov wrote:[color=blue]
> We have troubles (post XP SP2) to open local folders from the web application:[/color]

The first problem is IE. Switch to a better browser like Firefox or
Opera. I believe they will also prevent this too, but you and the rest
of the world will be much better off using standards compliant browsers.
[color=blue]
> - the web application allows users to select a local file (input type=file)
> - the system DOES NOT upload the file but stores the path to the folder containing this file into a
> database.[/color]

Then why are you using a file input control? They are designed to
submit the file, not the file name and path, when the form is submitted.
[color=blue]
> - the path to the local folder is linked as <a href=file:///blablabla/folder>Open folder</a>
> - we used to be able to open the folder by clicking on the link above but SP2 blocks content that
> does not originate from the same source as the rest of the application which is usually good ;)[/color]

That is to prevent malicious websites accessing a users system. You
could try reducing the security level settings in IE, but it's not an
HTML question. The best solution is to have the user open the folder
themselves, since it's on their machine.0
[color=blue]
> Is there a way to circumvent this limitation[/color]

Knowing IE, there's probably a security hole you can exploit to do what
you want, but otherwise, no!
[color=blue]
> cause it renders a large part of our application useless??[/color]

That's what you get for poor design and implementation of the system.

--
Lachlan Hunt
http://lachy.id.au/
http://GetFirefox.com/ Rediscover the Web
http://SpreadFirefox.com/ Igniting the Web

[color=blue]
>The first problem is IE. Switch to a better browser like Firefox or
>Opera. I believe they will also prevent this too, but you and the rest
>of the world will be much better off using standards compliant browsers.[/color]

;) I use Firefox - that is not the problem here. There is also no reason to bitch about it because
we are talking unified corporate intranet environment and not internet.
[color=blue]
>Then why are you using a file input control? They are designed to
>submit the file, not the file name and path, when the form is submitted.[/color]

Because it is the only easy way to read the path to a certain file. Just select the file and pass
the value of the field to a hidden field without uploading the file.
[color=blue]
>That is to prevent malicious websites accessing a users system. You
>could try reducing the security level settings in IE, but it's not an
>HTML question. The best solution is to have the user open the folder
>themselves, since it's on their machine.0[/color]

That was already clear. Try to imagine a distributed system with hundreds of users storing redundant
25Mb+ files on a shared webserver over the Internet. That simply doesn't work. That's why we opted
to store the paths to certain directories on local interconnected networks using unified disk
mapping in the central database. A click on such link opened the folder to the user and took the
user directly to his/her project data.
[color=blue][color=green]
>> Is there a way to circumvent this limitation[/color]
>
>Knowing IE, there's probably a security hole you can exploit to do what
>you want, but otherwise, no!
>[color=green]
>> cause it renders a large part of our application useless??[/color]
>
>That's what you get for poor design and implementation of the system.[/color]

I am in this business since 1994. Please do not bitch, read the explanation above ;)

Thanx

Yuri

Yuri Vorontsov wrote:
[color=blue]
> There is also no reason to bitch about it[/color]

Yeah, but we do enjoy bitching from time to time.
[color=blue]
> we are talking unified corporate intranet environment and not internet.[/color]

So your question is off-topic for this newsgroup, then?

--
Brian (remove "invalid" to email me)

[damonkohl]

hi,

i'm having the same problem as you. did you find a solution yet? or is there a way to use javascript to code the functionality of that 'browse' button?

Quote:

Originally Posted by Yuri Vorontsov

Hallo!

We have troubles (post XP SP2) to open local folders from the web application:

- the web application allows users to select a local file (input type=file)
- the system DOES NOT upload the file but stores the path to the folder containing this file into a
database.
- the path to the local folder is linked as <a href=file:///blablabla/folder>Open folder</a>
- we used to be able to open the folder by clicking on the link above but SP2 blocks content that
does not originate from the same source as the rest of the application which is usually good ;)

Is there a way to circumvent this limitation cause it renders a large part of our application
useless??

Thanks!
Yuri