GNU bug report logs - #65973
[PATCH] ; send filename, not full path, on EWW form submit
Message #29 received at 65973 <at> debbugs.gnu.org:
the rationale was initially #1.
every other browser i looked into sent the filename only. based on
that, i was more confident that it was worth submitting a patch.
#3 seems like a good reason too, but i did not know about that until
reading this thread.
Sebastián Monía <sebastian <at> sebasmonia.com> writes:
> Jim Porter <jporterbugs <at> gmail.com> writes:
>> On 11/5/2024 9:08 AM, Eli Zaretskii wrote:
>>> I'd like some rationale for this change. The original report never
>>> explains why sending the full absolute file name to the server is bad.
>>
>> I see three possible reasons: 1) there could be (probably minor)
>> privacy issues with sending the directory structure along to a server;
>> 2) as far as I'm aware, other browsers only pass the "leaf" of the
>> filename; 3) RFC 2813 says that *recipients* should ignore any
>> directories: [...]
>> RFC 2813 is primarily about mail clients, but MDN suggests following
>> it in a web context as well:
>> <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition>.
>
>> So I think the RFC would suggest that it's *allowed* to send the
>> directories in the "filename" field, but since the server is supposed
>> to ignore it, there's no benefit to doing so.
>
> I didn't get as far as Jim did. I assumed the concern was #1, and I knew
> the rest of the path is ignored, so figured we should go ahead.
>
> Regards,
> Seb
This bug report was last modified 193 days ago.
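
The recipient side of the point discussed in this thread, as an added example that is not code from the thread or from Emacs: a server reduces the `filename` parameter of a form part's Content-Disposition header to its leaf, and `leaked_directories` shows what a full path would have disclosed. The function names and sample headers are assumptions constructed for illustration; parsing uses Python's standard `email` package.

```python
from email.message import Message

def leaf_filename(raw):
    """Reduce a client-supplied filename to its final path component.

    Returns None when nothing usable is left."""
    # Clients may run on any OS, so treat both "/" and "\" as separators.
    leaf = raw.replace("\\", "/").rsplit("/", 1)[-1]
    # Drop control characters (NUL, CR, LF, ...) that have no place in a name.
    leaf = "".join(ch for ch in leaf if ch.isprintable()).strip()
    return None if leaf in ("", ".", "..") else leaf

def leaked_directories(raw):
    """Directory part of the filename, i.e. what a full path tells the server."""
    return raw.replace("\\", "/").rpartition("/")[0]

def filename_from_disposition(header_value):
    """Parse one part's Content-Disposition value and return the leaf name."""
    part = Message()
    part["Content-Disposition"] = header_value
    raw = part.get_filename()  # None when there is no filename parameter
    return None if raw is None else leaf_filename(raw)

# Constructed sample headers, not captured traffic.
FULL_PATH = 'form-data; name="upload"; filename="/home/alice/clients/acme/report.pdf"'
LEAF_ONLY = 'form-data; name="upload"; filename="report.pdf"'

if __name__ == "__main__":
    for header in (FULL_PATH, LEAF_ONLY):
        print(filename_from_disposition(header))
    print(leaked_directories("/home/alice/clients/acme/report.pdf"))
```

Both sample headers yield the same stored name, so the directory portion of the full path gives the server nothing it needs while still exposing the sender's directory layout.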