Opening a local file in a browser

Discussion in 'ASP .Net' started by Mark Rae, Jan 22, 2005.

  1. Mark Rae

    Mark Rae Guest

    Hi,

    I'm writing a web app in VS.NET 2003, part of which allows users to download
    reports in the form of XML documents to their local machine for further
    processing. I'm using a 3rd-party Java applet to do this, and it works
    perfectly.

    However, I'd like to be able to offer users the ability to view the XML
    documents once they've downloaded them. I thought I could do this by
    providing a simple hyperlink, but I must be doing something wrong because
    it's not working.

    E.g. let's say they've downloaded a document called 20050122091003.xml into
    the root of their C:\ drive. I created a hyperlink control which, when I do
    a View Source in the HTML that ASP.NET generates, looks like this:

    <a target="_blank"
    href="file:///C:/20050122091003.xml">C:\20050122091003.xml</a>

    However, when I click it, nothing happens. But, if I take the href portion
    of the hyperlink and paste it into the Address box of a browser window, it
    opens perfectly.

    What am I doing wrong?

    Any assistance gratefully received.

    Mark Rae
     
    Mark Rae, Jan 22, 2005
    #1
    1. Advertising

  2. Mark,

    This is actually a browser security feature; it has nothing to do with your
    application in particular. If the browser in question is IE, the simplest
    workaround is usually to add the site to the trusted sites list. Of course,
    this should only be done if the site is actually sufficiently trustworthy to
    merit this.

    HTH,
    Nicole


    "Mark Rae" <> wrote in message
    news:...
    > Hi,
    >
    > I'm writing a web app in VS.NET 2003, part of which allows users to
    > download reports in the form of XML documents to their local machine for
    > further processing. I'm using a 3rd-party Java applet to do this, and it
    > works perfectly.
    >
    > However, I'd like to be able to offer users the ability to view the XML
    > documents once they've downloaded them. I thought I could do this by
    > providing a simple hyperlink, but I must be doing something wrong because
    > it's not working.
    >
    > E.g. let's say they've downloaded a document called 20050122091003.xml
    > into the root of their C:\ drive. I created a hyperlink control which,
    > when I do a View Source in the HTML that ASP.NET generates, looks like
    > this:
    >
    > <a target="_blank"
    > href="file:///C:/20050122091003.xml">C:\20050122091003.xml</a>
    >
    > However, when I click it, nothing happens. But, if I take the href portion
    > of the hyperlink and paste it into the Address box of a browser window, it
    > opens perfectly.
    >
    > What am I doing wrong?
    >
    > Any assistance gratefully received.
    >
    > Mark Rae
    >
     
    Nicole Calinoiu, Jan 22, 2005
    #2
    1. Advertising

  3. Mark Rae

    Tarren Guest

    You could achieve the feature this way.

    Keep a copy of the file on the server, and stream it to the browser when
    they click to view, so it will be a replica of the file they have on their
    disk. Since it will be readonly, it will not be an issue.

    Or, if the file is small enough, you can keep it in memory and stream it
    from memory.

    You could just keep the memory on server disk/memory until they confirm/deny
    the option to view it on screen to manage server resources.




    "Mark Rae" <> wrote in message
    news:...
    > Hi,
    >
    > I'm writing a web app in VS.NET 2003, part of which allows users to
    > download reports in the form of XML documents to their local machine for
    > further processing. I'm using a 3rd-party Java applet to do this, and it
    > works perfectly.
    >
    > However, I'd like to be able to offer users the ability to view the XML
    > documents once they've downloaded them. I thought I could do this by
    > providing a simple hyperlink, but I must be doing something wrong because
    > it's not working.
    >
    > E.g. let's say they've downloaded a document called 20050122091003.xml
    > into the root of their C:\ drive. I created a hyperlink control which,
    > when I do a View Source in the HTML that ASP.NET generates, looks like
    > this:
    >
    > <a target="_blank"
    > href="file:///C:/20050122091003.xml">C:\20050122091003.xml</a>
    >
    > However, when I click it, nothing happens. But, if I take the href portion
    > of the hyperlink and paste it into the Address box of a browser window, it
    > opens perfectly.
    >
    > What am I doing wrong?
    >
    > Any assistance gratefully received.
    >
    > Mark Rae
    >
     
    Tarren, Jan 22, 2005
    #3
  4. Mark Rae

    Mark Rae Guest

    "Nicole Calinoiu" <calinoiu REMOVETHIS AT gmail DOT com> wrote in message
    news:...

    Nicole,

    Thanks for the reply.

    > This is actually a browser security feature; it has nothing to do with
    > your application in particular.


    I see.

    > If the browser in question is IE, the simplest workaround is usually to
    > add the site to the trusted sites list.


    Yep - that works.

    > Of course, this should only be done if the site is actually sufficiently
    > trustworthy to merit this.


    Since I'm building the site, I'm confident of its trustworthiness... :)

    Mark
     
    Mark Rae, Jan 22, 2005
    #4
  5. "Mark Rae" <> wrote in message
    news:%...
    <snip>
    > Since I'm building the site, I'm confident of its trustworthiness... :)


    Really? Do you allow any user-provided text to be displayed in any page
    without HTML-encoding? If so, your site is probably vulnerable to
    cross-site scripting attacks, and it shouldn't be added to the trusted sites
    zone. Personally, I make every effort to ensure that my applications
    HTML-encode every bit of dynamic text that might end up in any page, but I
    still worry since there's always the chance I missed one somewhere...

    Other points of potential risk are things like allowing users (even highly
    privileged users) to specify the local file to be opened by one of your
    file: protocol links. This sort of thing could allow one user to force
    local execution of potentially malicious code on another user's computer,
    within the context of the launching user's account.
     
    Nicole Calinoiu, Jan 22, 2005
    #5
  6. Mark Rae

    Mark Rae Guest

    "Tarren" <> wrote in message
    news:...

    > You could just keep the memory on server disk/memory until they
    > confirm/deny the option to view it on screen to manage server resources.


    That might be the best solution - thanks.
     
    Mark Rae, Jan 22, 2005
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?WVNVVA==?=

    Access local port or Running local exe file

    =?Utf-8?B?WVNVVA==?=, Jan 14, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    538
    =?Utf-8?B?WVNVVA==?=
    Jan 14, 2006
  2. lurker
    Replies:
    1
    Views:
    730
    Disco Octopus
    Apr 5, 2005
  3. Lyndon
    Replies:
    1
    Views:
    552
    Leonard Blaisdell
    Jul 25, 2005
  4. deja user
    Replies:
    1
    Views:
    2,375
    Gabriel Genellina
    Oct 27, 2009
  5. fniles
    Replies:
    0
    Views:
    301
    fniles
    Apr 26, 2009
Loading...

Share This Page