What OS is it? What FS ? I've checked with GHardy - everything works just
fine. You can create filenames with ":", ">", "<", etc. Anything except "/"
but then it's compensated by the fact that duplicated slashes are ignored.
Cygwin works too (starting from version 1.7 where support for POSIX FS
namespace was added) even if it's pretty irrelevant to Chrome discussion...
On Sat, Jan 9, 2010 at 5:28 PM, Pierre-Antoine LaFayette <
pierre.lafaye...@gmail.com> wrote:
> Bash won't let me do this:
>
> $ mkdir https:
> mkdir: cannot create directory `https:': No such file or directory
>
> $ mkdir "https:"
> mkdir: cannot create directory `https:': No such file or director
>
> 2010/1/9 Victor Khimenko <k...@google.com>
>
>>
>> On Sat, Jan 9, 2010 at 2:55 PM, Antoine Labour <pi...@google.com> wrote:
>>
>>> I'm not sure I understand the security risk... If an attacker is able to
>>> write files on my disk I have a lot more things to worry about than my
>>> browser spoofing urls.
>>>
>>> Are you sure? The idea is the same as with $PATH attack. Sure, some
>> systems don't even need "." in PATH to call programs from current dir by
>> default, but it does make it good idea.
>>
>>
>>> In any case you can always OpenURL(string("file://") +
>>> urlencode(file_or_url)) instead of OpenLocalFile
>>>
>>> What will this change? There are sad but fundamental truth about POSIX
>> filenames: ANY string without embedded NUL characters can be valid filename.
>> There are some limitations (MAX_PATH, max number of slashes in some systems,
>> etc), but they are minor.
>>
>> --
>> Chromium Developers mailing list: chromium-dev@googlegroups.com
>> View archives, change email options, or unsubscribe:
>> http://groups.google.com/group/chromium-dev
>>
>
>
>
> --
> Pierre.
>
--
Chromium Developers mailing list: chromium-dev@googlegroups.com
View archives, change email options, or unsubscribe:
http://groups.google.com/group/chromium-dev
