On Mon, 17 Jan 2022, at 05:19, songbird wrote: > you are right, but i just wanted to say that for some sites > the behavior is to generate a unique file name if they find > one that already exists with the same name and for other sites > it is not. i think this is dependent upon the website designers > and not firefox.
Are you saying that code on a webpage can interrogate my file system to see whether certain files exist? I don't like the sound of that. A quick google found me: https://developer.mozilla.org/en-US/docs/Web/API/File_System_Access_API which seems to describe ways that Javascript can read and write my files, and scan my directories (or will be able to when this API is implemented). There's not enough information, in my view, explaining how a browser user can prevent that. It says - if I'm reading it right - that it's secure because users are offered file pickers etc when a file is to be opened or file-save dialogs when something is to be created. But one of the code examples describes getting a handle to a directory and says if the directory doesn't exist yet it will be created. That suggests that rogue code could create folders on my system. I think I also read that once the code has a handle to a directory it can scan sub-directories as well. -- Jeremy Nicoll - my opinions are my own.
