Re: [dev] security issue running surf from home folder

From: Jakukyo Friel <weakish_AT_gmail.com>
Date: Fri, 9 Jan 2015 09:56:18 +0800

On Thu, Jan 8, 2015 at 7:07 AM, <tautolog_AT_gmail.com> wrote:


> Say you call up surf just to download a file, from a working directory.
> You would expect the download to go into the working directly, as if you called curl or wget.

1. I tend to think surf will download to a default place,
    for example `~/Desktop` if I've not specify one.

2. If I do expect the same result as if I called curl or wget:

2.0 Both curl and wget do not understand window.location.assign.
2.1 curl -O does not follow 301 redirect.
2.2 wget follows 301 but use the original name as the saved file name,
      e.g., 'a.html' redirects to '.bashrc', wget save it as 'a.html'.
2.3 Since `curl -O` does not follow 301 redirect, it will not override
already exist file
      unless you feed it a url and does not look at the last part of the url.
      And wget has another level of safe net: if it detects files with
same name already exist,
      it will change the saved name, e.g. `.bashrc.1`, etc.
Received on Fri Jan 09 2015 - 02:56:18 CET