Chris Riesbeck wrote:
In Firefox 2, I could simply click on a Browse button to pick a file. The
Javascript would set the SRC of an IFRAME to that file (mangled to file:
form), get the content, scrub it, and dump the output in another window
for saving.
In Firefox 3, this doesn't work because FILE INPUT value is just the file
name, e.g., foo.html, not the entire path. I understand why this is so.
I tried giving my HTML file UniversalBrowserRead capability, though I may
have done that wrong.
You need to set the pref `signed.applets.codebase_principal_support'
to `true' (default is `false') for privilege requests to work. Then
netscape.security.PrivilegeManager.enablePrivilege ("UniversalBrowserRead")
does not throw an exception. But it does not seem to help with the `value'
property either, nor does attempting to get any other privilege.
It didn't help. Should that work?
Apparently not.
Is there an alternative?
A) Using input.files[0].getAsText("target-encoding") to set
iframe.contentDocument.body.textContent and the like. Turns out you
can even use getAsBinary() or getAsDataURI() without requesting
any privileges. That's quite a security logic, isn't it?
B) Submitting a bug report, or voting on an existing bug that targets this
pointless misbehavior.
Or am I back to the older interface where I to copy and
paste the HTML manually from a text editor?
Unlikely, although I consider this crippling input[type=file] and even XHR
beyond use for scripting a major bug. There is no good reason why that
needs to be, especially not security: from my filesystem, I should be
allowed to do everything that the OS permissions of my user account would
allow me to do.
PointedEars
--
Prototype.js was written by people who don't know javascript for people
who don't know javascript. People who don't know javascript are not
the best source of advice on designing systems that use javascript.
-- Richard Cornford, cljs, <f8*******************@news.demon.co.uk>
