On 07/02/2011 04:46 PM, Reindl Harald wrote:
Am 03.07.2011 01:39, schrieb JD:
As far as writing, the script is running with the user credentials. Why would it not be able to write to or delete the user's own files or other users' files which have permissive perms settings?
BECAUSE JAVASCRIPT CAN NOT DO THIS
Gee - what a great cause for comfort - it can open and read the files, but cannot delete them. I think where there is a will, there is a javascript way to delete even - but that is the least of the problem. It is the fact that javascripts can and do access your files.
It is the fact that as javascript sent by web site can indeed open my files and can upload them to a remote site
IT CAN NOT BECAUSE YOU CAN NOT AUTOMATED SELECT AND SUBMIT UPLOAD-FILES VIA JAVASCRIPT
Where there is a will, there is a javascript way to do so.
I would never put such blind trust as you have done, in javascript, which more and more people (not very many yet) are banning altogether.