Peter Hansen wrote: > It appears the correct approach might be something along the lines of > reading the registry to find what application is configured for the > "HTTP" protocol (HKCR->HTTP->shell->open->command) and run that, passing > it the URL. I think that would do what most people expect, even when > the URL actually passed specifies the "file" protocol and not "http".
Yeah...but here's where my mind splits. I like security, but I'm not sure I like the idea of breaking URL syntax and treating "file" as "http" when it's explicitly specified...although in the context of a URL, that might be the user's intended use-case... so do we go with "do the secure, probably expected thing" or "do the thing Tim Berners-Lee designed it to do"? Since the behavior is "correct" in the "http://"; case (the text is displayed in the browser), and any "file://" access has physical and network security built into it by nature of never accessing outside the user's already-accessible file domain, maybe it is "correct" that the "file://" access be treated as though it was issued from a shell command or file-explorer window. Which makes it no security hole at all, it would seem... --Blair -- http://mail.python.org/mailman/listinfo/python-list
