Things you can and can't do on the client

This is one of those posts that I just know I will link to many, many times.
So what is it all about? There are a lot of "developers" (note the quotation marks) out there who think it is OK for a web site to write to the client's registry, check their disk space, take their dog for a walk or even delete a file on their machine. You can see why I have put the quotes around "developers" to mark those people.
But because I am here to educate you rather than mock you, here is a list of things you CAN do on the client's machine (using web pages, of course, which means with HTML and JavaScript, because it doesn't matter what you are using on the server):
  • you can set a cookie to store some information
  • you can get the resolution and color depth of the user's monitor
  • you can get the type of the user's browser and operating system
  • you can get a list of plugins a browser has installed
  • you can crash the user's browser by doing some heavy JavaScript calculations (depends on the browser)
Everything else (like deleting a file, writing to the registry, ejecting a CD-ROM, ...) is impossible (unless there is a security hole in the browser).

But how can the user upload a file, you ask? Well, there is one and only one way to transfer a file from the user to the server, and that is the input type="file" tag. But you can't set the value of this tag programmatically; it can only be set by the user. So, in short, you can't do a thing on the client's file system other than store a cookie.
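As an added example (not code from the original post), here is what that list looks like in JavaScript: the functions read display, browser and plugin information, persist the display part in a cookie with sensible attributes, and read it back. The browser objects are passed in as parameters, an assumption made so the code can also run outside a browser against constructed objects.

```javascript
// Added example, not from the original post: the client-side data a page can
// legitimately read (display, browser/OS, plugins) and the one thing it can
// persist, a cookie. Nothing touches the file system: there is no API for it,
// and the value of an <input type="file"> cannot be set from script. Browser
// objects are parameters so the code also runs outside a browser against
// constructed objects; in a page call rememberClientInfo(document, navigator, screen).

// Gather the items from the post's list into one plain object.
function collectClientInfo(nav, scr) {
  const plugins = [];
  // navigator.plugins is a PluginArray; modern browsers freeze it to a fixed
  // PDF-viewer list (or leave it empty), so it is weak fingerprint material.
  const count = nav.plugins ? nav.plugins.length : 0;
  for (let i = 0; i < count; i++) plugins.push(nav.plugins[i].name);
  return {
    screen: { width: scr.width, height: scr.height, colorDepth: scr.colorDepth },
    userAgent: nav.userAgent, // browser and OS are only inferable from this string
    platform: nav.platform,
    plugins,
  };
}

// Build a Set-Cookie style string with the attributes a defender wants:
// Path, Max-Age, Secure and SameSite. Only the value is URL-encoded.
function buildCookie(name, value,
                     { maxAge = 3600, path = "/", secure = true, sameSite = "Lax" } = {}) {
  return `${name}=${encodeURIComponent(value)}; Path=${path}; Max-Age=${maxAge}` +
         (secure ? "; Secure" : "") + `; SameSite=${sameSite}`;
}

// Parse a document.cookie string ("a=1; b=2") back into an object.
// Attribute-only tokens such as "Secure" carry no "=" and are skipped.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    out[part.slice(0, idx).trim()] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Collect the information and store the display part in a cookie.
// In a browser the assignment to doc.cookie adds the cookie to the jar.
function rememberClientInfo(doc, nav, scr) {
  const info = collectClientInfo(nav, scr);
  doc.cookie = buildCookie("clientinfo", JSON.stringify(info.screen));
  return info;
}
```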

PS: please leave a comment if I forgot to mention something on the above list.
Author: Anonymous, published on the SloDug.si portal (Archive)
