MozillaZine

Javascript File i/o

Thursday May 25th, 2000

Pete Collins from Alphanumerica and Mozilla developers have created a Javascript interface for doing file i/o in Mozilla, which will allow new Mozilla components like Alphanumerica's Crash Recovery system to function properly.

Patterned after the PHP filesystem functions, simple functions such as file read/write and directory create are supported. The code has not yet made it into the nightly build, but they expect it will get in soon.

Note from AN: There seems to be a misconception about Javascript File I/O being a security risk. It is important to clarify that this project is not opening any security holes in Mozilla. There is a difference between Javascript on the Internet and Javascript inside the application. Javascript is used inside Mozilla to create the functionality for the application. This is in contrast to any Javascript downloaded from the Internet that is used for functionality only inside a Web page. This project does not grant any access to Javascript found on the Internet. For more information about how Javascript is used inside Mozilla read more about XPCOM and XPConnect.


#48 Bite me zealot boy!

by SomeSmartAss

Saturday May 27th, 2000 2:15 AM

You are replying to this message

Look.

All I know is that the link I originally read stated that "Casual Progammers" now had acsess to I/O functionaltiy through JavaScript.

That simple statement, without any real qualifying information, sounded quite scary. Yes, I know that I can install any number of potentially harmfull applications via the web; but I always figured Netscape's (and, by proxy, Mozilla's) security model protected me from having dangerous crap running within its sphere of influence. This anouncement initially (and potentially still) sounded like it flew in the face of this trust. I reacted to this somewhat misleading news as any semi-knowledgable indevidual would... with a fair amount of concern. The words "File I/O" and "JavaScript" in the same sentance should raise an eyebrow (or more).

I've as much as admited that I was wrong in my assumtions, and I realy don't think my original post was all that inflamitory, especially given my initial perception.

Don't sit there and try and label me as some flame spawning ignoramous. If you read my posts, and their replies (especially those from svn and petejc) you'll see that I rationally voiced my concerns, and recieved *fairly* adiquate answers to them.

Anyways, this is what open source is all about; everyone having their say. Just because you dismiss me as clueless, doesn't mean my comments are *necesarily* useless. Even if one of the people involved desides to re-examine how this might affect the security model of Mozilla, I've done my part.