You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@cordova.apache.org by "Ian Clelland (JIRA)" <ji...@apache.org> on 2014/01/31 22:50:08 UTC
[jira] [Created] (CB-5960) File API mishandles relative URLs that
traverse directories above the FS root
Ian Clelland created CB-5960:
--------------------------------
Summary: File API mishandles relative URLs that traverse directories above the FS root
Key: CB-5960
URL: https://issues.apache.org/jira/browse/CB-5960
Project: Apache Cordova
Issue Type: Bug
Reporter: Ian Clelland
Filesystem URLs should not be able to use ".." path components to reach outside of their sandbox. From the File API, ".." relative to a path resolves to the paths parent directory, and the parent directory of the filesystem root is itself.
So, if {{root}} is a DirectoryEntry representing the root of a filesystem, then
{code}
root.getFile("../file.txt", ...);
{code}
and
{code}
root.getFile("/file.txt", ...);
{code}
should resolve to the same file.
{code}
root.getDirectory("subdir_a/subdir_b", function(entry) {
entry.getFile("../file.txt", ...);
}, ...);
{code}
should resolve to "/subdir_a/file.txt"
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)