[5146] in www-talk@info.cern.ch
Re: Bug or Security Feature in Server reply?
daemon@ATHENA.MIT.EDU (Jon P. Knight)
Thu Aug 11 07:14:22 1994
Date: Thu, 11 Aug 1994 13:09:52 +0200
Errors-To: listmaster@www0.cern.ch
Errors-To: listmaster@www0.cern.ch
Reply-To: cojpk@lut.ac.uk
From: "Jon P. Knight" <cojpk@lut.ac.uk>
To: Multiple recipients of list <www-talk@www0.cern.ch>
On Thu, 11 Aug 1994, Frank Majewski wrote:
> Passing this kind of HTML-code causes two tested clients (XMosaic 2.4 & MacWeb)
> to look at server's URL (ie. its CGI-BIN-dir) for the file(s)!
>
> You might say: "That's to be excepted, because the action-URL in the FORM becomes
> the actual matching MAIN-URL!" but in my opinion this is a failure because *after*
> starting the form you are not at server side any more but at client side (the
> transmission has successfully ended), aren't you?
Why not use a <BASE> tag in the <HEAD> of the returned HTML? Then your
relative URL would become relative to the HREF attribute of the BASE
element and not the HREF of the CGI script. You'd want a line in the
headers some thing like:
<BASE HREF="file://localhost/.">
Or am I missing something here?
Jon
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jon Knight, Research Student in High Performance Networking and Distributed
Systems in the Department of _Computer_Studies_ at Loughborough University.
* It's not how big your share is, its how much you share that's important *
