Open brettz9 opened 10 years ago
brettz9
commented
10 years ago And if you are allowing file opening by "xfile", I'm guessing users could be at risk for XSRF attacks if a site opened an xfile item behind the scenes (and there was no chance for user permission)... I had actually been using my own "xfile" protocol in https://github.com/brettz9/asyouwish/blob/master/demos/requestPrivs-file-browser-demo.html which confirms the user wishes to open the link.
FunkMonkey
commented
10 years ago Hi,
Thanks for the input. Think of xfile as an extended version of the file-protocol that works and looks much more like native file explorers (f. ex. Windows Explorer, Nautilus, etc.) - providing file-system navigation, file operations (copy, cut, delete), views and the like. Visiting a xfile url (which, btw looks exactly like a file url, except for the x in front) automatically adds it to the Firefox history (just like visiting a normal http url).
Dragging a tab to the bookmark-bar or clicking the little star adds it as a bookmark (just like you can do with any other url, including file urls). This allows for easier navigation of the filesystem compared to a native browser, as you just need to type a bit of the path into the addressbar and - if you already visited the path you want to go to - Firefox will propose you all xfile urls containing your query string. (see the screenshot on the main page).
XSRF is truly a risk that I did not think about yet, as the filebrowser never reached a usable state. But this is certainly something that needs to be added once I rewrite Loomo....
Hey, I like that you are working on such a project.
Firstly, I am not clear that xfile: is necessary now, as it seems to me that one can already bookmark and tag directories. I see you mention it can also tag/bookmark files, but I'm not clear how that works--do you have to right-click the file to tag/bookmark it (and avoid opening it)? (Sorry, I tend to wait until approved at AMO before installing, so I think it may be helpful to have this detailed on the readme.)
Also FYI, I have a similar project at https://github.com/brettz9/filebrowser-enhanced/ which might provide some ideas (in the todo list perhaps if nothing else).
Finally, in case you were interested, I have been working on https://github.com/brettz9/webappfind to allow data files to be launched into web applications from the desktop (currently Windows only). I wanted to integrated this into my filebrowser, but I am sharing the idea to you in case it interests you as well. I think it makes sense for this functionality in such a file browser since one is already in a web environment and perhaps even more likely to want to open the files into a web app (or even potentially a desktop app which is aware of the specific file types definable in filetypes.json ).
(I can rename or subdivide these 3 issues in case you want to track any of them independently of this issue.)