为什么文件的绝对路径无法正常工作?

huangapple go评论109阅读模式
英文:

Why is that absolute path for file doesn't work properly?

问题

function OnSelectedFileOpened(s, e) {
    var path = 'file:///192.168.1.132/erp/WorklogFiles/' + e.file.id;
    window.open(path, "_blank");
}

The URL is like this when I ran the app "http://localhost:63956/file://..." so the app considers that as a relative path...

The URL has to be "file://..."

What's the problem with that code?

英文:
function OnSelectedFileOpened(s, e) {
    var path = '‪file:///192.168.1.132/erp/WorklogFiles/' + e.file.id;
    window.open(path, "_blank");
}

The URL is like this when i ran the app "http://localhost:63956/file://..." so the app considering that as relative path...

The URL have to be "file://..."

What's the problem with that code?

答案1

得分: 0

以下是翻译好的部分:

首先,您必须非常清楚地记住 Web 服务器(IIS)提供网页和在浏览器中使用 "file://" 选项之间的差异。

所以,如果我有一个网页,比如一个像这样的 html 页面:

<input id="Button1" type="button" value="Click me"
       onclick="myjavatest(); return false;"
       />
       
<script>
    function myjavatest() {

        document.location.href = "file://test/control.pdf";

    }
</script>

<h3>Or try as link</h3>
<a></a>
<a href="file://test/control.pdf">link text</a>

您会注意到,现代浏览器(大多数,如果不是全部)不允许上面的代码。

换句话说,"file://" 已经很久以前就已经被弃用了。原因很简单:

地球上没有人会采用并冒险使用允许您的网站干扰和混淆我的计算机文件的浏览器!!!

因此,这是一个巨大的安全漏洞,因此不允许。

然而,大多数浏览器仍然允许用户手动输入上述文件名的 URL。请注意,我说的是手动输入。换句话说,出于遗留支持的原因(但不是很多),用户可以手动输入 "file://"。

然而,如上所示,使用 href(链接)甚至尝试使用 JavaScript 设置该 URL 使用 "file://" 根本不起作用,也不再允许出于安全原因。您的网站不能开始在我的计算机上打开文件,而从代码中使用 "file://" 允许浏览器在没有用户交互的情况下启动打开我的计算机上的文件。正如前面所述,这是不允许的。

好的,现在上面的内容都解决了吗?

接下来的概念是 IIS 如何映射到网站中的文件?

嗯,在上面的示例中工作,我可以将该 PDF 文件放在网站文件夹的一部分中。

所以,假设我在这里有一个名为 pdf 的文件夹:

为什么文件的绝对路径无法正常工作?

好的,既然文件现在在我的网站上而不是在您的计算机上?

那么您现在可以自由地构建一个引用这些文件的网页。

所以,例如在上面的内容文件夹中,我有一个名为 autofil.jpg 的图片。

因此,在某个网页中,我可以使用图像控件显示该图片,就像这样:

为什么文件的绝对路径无法正常工作?

当我运行页面时,我会得到这个:

为什么文件的绝对路径无法正常工作?

但用户也可以直接输入该 jpg 文件的 URL,并键入以下内容:

为什么文件的绝对路径无法正常工作?

因此,任何作为根页面或站点文件夹的一部分的文件?

Web 服务器可以提供网页,甚至是文件,如果您输入正确的 URL。

请注意 URL 将为:

"站点的基本根" + 文件夹 + 文件名。

因此,在开发过程中,您会看到 "localhost:xxxxxx/FolderName/FileName"

然而,如果您发布到某个 Web 托管,那么本地主机部分将被替换为网站名称 - 但路径名的其余部分将继续工作。

好的,那么如果我有我的 Web 服务器,然后说一些大型企业服务器上有大量的 PDF 文件,用于产品信息可以下载?

嗯,由于该“其他”服务器上的文件夹不是站点的子文件夹,因此您不能为下载这些文件有一个简单的 http(基于 Web 的)路径名,对吗?

所以,您有两个选择:

您可以向网站添加所谓的虚拟文件夹。

IIS Express 没有图形界面和设置菜单,因此在开发和测试过程中可能会非常麻烦。简而言之,虚拟文件夹允许您将企业网络上的其他文件夹映射到文档服务器上的文件,当然,这些文件可能不在与 Web 服务器相同的服务器上。

因此,该映射看起来可能像这样:

//server-docs/products

在上面,您可能有以产品编号命名的文件夹,然后在其中有 PDF 文件。

因此,使用虚拟文件夹,现在您的根/基本站点名称的 URL 也可以使用上述路径名。您可以将该虚拟文件夹命名为 "products"。

因此,URL 现在映射到

"www.mysitename.com/Products/21343/product.pdf

在幕后,上述内容实际上会转换为一个内部文件路径和名称

//server-docs/products/213343/product.pdf。

因此,牢记,您的 VB.NET 或 C# 代码?

它们始终,始终,始终使用有效的 Windows 路径名。您的后台代码不关心服务器对网站的“映射”。

通常,出于安全原因,您可能只希望用户查看他们购买的产品的自己的 PDF 文档,或者出于安全原因的一般原因,您可能不希望冒险让互联网和公众能够输入 URL 来加载这些文件。

在这种情况下,您可以使用数据库或其他方法来呈现文件列表,然后使用后台代码加载和流式传输文件作为下载。这种方法允许更高的安全性,因为那时不存在或不可能存在文件 URL 或来自网站的映射,或者是可能的。

因此,只有根文件夹和站点

英文:

Ok, first you have to keep VERY much in mind the difference between the web server (IIS) dishing out web pages, and that of using the "file://" option in a browser.

So, if I have a web page, say an html one like this:

&lt;input id=&quot;Button1&quot; type=&quot;button&quot; value=&quot;Click me&quot;
       onclick=&quot;myjavatest(); return false;&quot;
       
       /&gt;


    &lt;script&gt;
        function myjavatest() {

            document.location.href = &quot;file://test/control.pdf&quot;;

        }
    &lt;/script&gt;

    &lt;h3&gt;Or try as link&lt;/h3&gt;
    &lt;a&gt;&lt;/a&gt;
    &lt;a href=&quot;file://test/control.pdf&quot;&gt;link text&lt;/a&gt;

You note that modern browser (most, if not all of them) DOES NOT allow the above code.

In other words, the "file://" has been LONG AGO depreciated. And the reason is simple:

No one on planet Earth is going to adopt and risk using a browser that allows YOUR WEB site to mess around and muck with files ON MY COMPUTER!!!

As such, it is a massive security hole, and thus is NOT allowed.

However, most browsers will STILL allow the user to type into the URL the above file name. Note how I said type in. In other words, for legacy support (but not very much), then you the user can type in "file://" by hand.

However, as above shows, a href (link) or even trying to use JavaScript to set that URL using "file://" simply does not work, and it NOT allowed anymore due to security reasons. Your web site can't start opening files on MY computer, and use of the "file://" from code allows the browser without user interaction for some malicious site to start opening files on my computer. As noted, this is simply not allowed anymore.

Ok, now with above out of the way?

The next concept is how does IIS mapping to files in the web site work?

Well, working with the above example, I could place that pdf file in a folder that is part of the folders for the web site.

So, say I have the pdf file here:

为什么文件的绝对路径无法正常工作?

Ok, so now that the file is on MY web site and NOT YOUR computer?

Then you are now free to build a web page with references to those files.

So, for example in that above content folder, I have a picture called autofil.jpg.

So, in some web page, I can show that picture with an image control, say like this:

为什么文件的绝对路径无法正常工作?

And when I run the page, I get this:

为什么文件的绝对路径无法正常工作?

But a user could also type in the URL directly to that jpg file, and type in this:

为什么文件的绝对路径无法正常工作?

So, ANY file that is part of the root page, or folders in the site?

The web server can dish out a web page, or even a file if you type in the correct URL.

Note how the URL will be:

 &quot;Base root&quot; of site + folder + file name.

So, during development, you see "localhost:xxxxxx/FolderName/FileName

However, if you publish to some web hosting, then the local host part will be replaced with the web site name - but the rest of the path name will continue to work.

Ok, then what happens if I have my web server, and then say some big corporate server with a whole bunch of PDF documents for product information that you can download?

Well, since those folders on that "other" server are not a sub folder of the web site, then you can't have a simple http (web based) path name to those files for download, can you?

So, you have 2 choices:

You can add what is called a virtual folder to the web site.

IIS express does not have a GUI and setup menu, so it can be a real pain during development and testing. For a condensed explain, a virtual folder allows you to map other folders on your corporate network to say files on that document server which of course may well not be on the same server as the web server.

So, that mapping will look say like this:

//server-docs/products

And in side above, you might have folders with product number, and then inside those the pdfs.

So, with a virtual folder, then now URLs of your root/base site name can ALSO use the above path name. You might call that virtual folder "products"

And thus, URL's now map to

  &quot;www.mysitename.com/Products/21343/product.pdf

So, behind the scenes, the above actually gets converted to an internal file path and name of

     //server-docs/products/213343/product.pdf.

So, keep in mind that your VB.NET or C# code behind?

They ALWAYS but ALWAYS but ALWAYS use a valid windows path name. Your code behind does use nor care about the server "mapping" to the web site.

Often, for reasons of security, you might only want users to see say their own PDF documents for products they purchased, or for general reasons of security, you may not want to risk and have the wild internet and public be able to type in a URL to load such files.

In that case, then you can use a database, or other means to present the list of files, but then use code behind to load + stream down the file as a download. This approach allows far greater security, since then no file URL's or mapping from the web site exists, or is even possible.

So, only folders from the root folder and sub folders of that site can be used by URL's. You can as noted introduce virtual folders to map out other folders that are not part of the root and sub folders of the site.

Or, you can use code behind, secure that folder, or move it outside of the site. As long as the code behind running has rights to those files and folders, then code behind can read and stream out those files to the end user.

So, use of the "file://" is an old legacy option. A number of older web sites did use that file:// even in hyper-links say for staff to get at a bunch of files and folders, but do so say from a web interface.

However, these days, the use of "file://" as a hyper link, or even attempting to set from code is not allowed anymore.

However, uses can still by hand type in to the URL, and use "file://", as most browsers still allow typing in of such URLs, but attempts to use "file://" from code or even the web server code is simply not allowed anymore for reasons of security.

huangapple
  • 本文由 发表于 2023年8月10日 21:06:50
  • 转载请务必保留本文链接:https://go.coder-hub.com/76876010.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定