On Apr 21, 3:34 pm, sheldonlg <sheldonlgwrote:
What happens is that there is a pop-up that asks the user whether he
wants to open the file or save it. He can also cancel. This satisfies
the security question because the user must give permission.
Not in the default browser security model. In in the default browser
security model Javascript has no access to the local file system _of
any kind_ - that includes any kind of runtime dialogs to beg a
permission from the user. It is very smart way to do because the
practice proved that end users very rarely are able to make an
educated decision "allow/don't allow" for security sensitive question:
thus an additional protection level is needed. Respectively to get a
permission to ask for a permission the script has to be properly
signed first. There is a trick for IE and Firefox to get such pop up
for some runtime generated content:
http://groups.google.com/group/comp....ab048d640b343b
I do expect that SaveAs exploit will be fixed sooner or later for IE -
if not already fixed. It also doesn't help for any other browsers
besides IE and Firefox.
This way just relax and use the standard age old server-side schema
which works just fine everywhere:
<form name="saver"
target="dumpster"
action="pushback.php">
<input type="hidden" name="data" value="">
</form>
<iframe name="dumpster"
src="blank.html"
style="display: none !important"></iframe>
then in your script:
document.forms['saver'].data.value = currentValue;
document.forms['saver'].submit();
then on your server pushpack.php returns data with octet-stream header
to trig Save As dialog.