Open guettli opened 2 years ago
The following example worked on macOS. If it worked for you too, you may have placed the files in an insecure directory.
package main
import (
"log"
"os"
"path/filepath"
"github.com/pkg/browser"
)
func main() {
pathDirTmp, err := os.MkdirTemp(os.TempDir(), "sample_dir_*")
if err != nil {
log.Fatal(err)
}
pathFileTmp := filepath.Join(pathDirTmp, "sample_file.html")
dummyContent := `<html><body>Hello World2</body></html>`
// Create file under the temporary directory
if err := os.WriteFile(pathFileTmp, []byte(dummyContent), 0644); err != nil {
log.Fatal(err)
}
// Open the file in the browser
// if err := browser.OpenURL(pathFileTmp); err != nil {
// log.Fatal(err)
// }
// Open the file for reading
osFile, err := os.Open(pathFileTmp)
if err != nil {
log.Fatal(err)
}
// Consume the contents and present the results in a browser
if err := browser.OpenReader(osFile); err != nil {
log.Fatal(err)
}
// Open the directory of the temporary file
if err := browser.OpenURL(pathDirTmp); err != nil {
log.Fatal(err)
}
}
You said "you may have placed the files in an insecure directory"
But I am using it like this:
browser.OpenReader(response.Body)
This means, that I am not explicitly putting the content into a directory....
I had a look at how this gets handled by Python, but that's a huge file: https://github.com/python/cpython/blob/3.10/Lib/webbrowser.py
Sorry, I need to leave now. Feel free to close this, if you don't have time and energy.
@guettli
But I am using it like this:
browser.OpenReader(response.Body)
Yes yes, that's why the file pointer is passed like this.
osFile, err := os.Open(pathFileTmp) ** snip ** err := browser.OpenReader(osFile) ** snip **
My point was that "Where was the temp file created?"
The path "/tmp/browser.1293014077.html
" seems to be insecure. For example, on macOS, temporary files are created in private/var/folders
.
file:///private/var/folders/8c/lmckjks95fj4h_jqzw4v3k_w0000gn/T/browser.140875179.html
The /tmp/browser.1293014077.html
contained the response.Body
value, so it is assumed that the OS or the browser is blocking it for security reasons. Not sure.
Try using os.MkdirTemp()
and os.TempDir()
to store the value of response.Body
in a temporary directory. Then open it and look at the difference in paths.
Feel free to close this, if you don't have time and energy.
Unfortunately, I'm only a passer-by to help and don't have the privilege to close this issue.
I use it like this:
The file
/tmp/browser.1293014077.html
contains the html.But the browser seems to not find the file.
I use Chromium on Ubuntu Linux