2

If I have a directory structure like so

/
├── home
│   └── user
│       └── test.js
├── usr
│   └── bin
└── var
    └── www
        └── index.html

Putting aside folder permissions for the moment, if index.html had the following line

<script src="../../../home/user/test.js">

or

<script src="/home/user/test.js">

Would this be valid? If so, is there any way to prevent this so only nested folders can be reached (EDIT: symbolic links must also be ignored)?

3 Answers

3

The browser will attempt to access whatever path is in the src attribute. You can restrict certain paths by setting file permissions through your web server (e.g. Apache).

2 Comments

Although I didn't mention it, I am using suPHP, so simply setting all accessible sites to 0777 is out.
How would I set file permissions through Apache2.0 (note, if this is httpd.conf related, they are not accepted when using suPHP).
3

It is valid. It's the web server's job to serve or not to serve the file.

If you use /home/user/test.js however, that's usually relative to the document root, so it's equivalent to http://<host>/home/user/test.js.

Comments

2
<script src="/home/user/test.js">

would be valid. It would just use whatever domain was on the host web page and would start from the top level directory there. For example, if the host web page was:

http://www.example.com/projectA/test.html

then <script src="/home/user/test.js"> would generate a request for the file at this location:

http://www.example.com/home/user/test.js

2 Comments

Is there any way to restrict this, either server side or client side?
Restrict it how? What are you really trying to protect from? If you want no web access above a given directory on your server, then you have to configure your web server that way. I'm not one to help you with that kind of question. You would probably need to start a new question that asks how to set directory access permissions in your specific type of web server environment.
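
As an added example (not code from any of the answers above), this sketch shows the two steps the answers describe: the browser resolving a `src` value against the page URL, and a server mapping the requested path under its document root and refusing anything that would climb out of it. The page URL, the assumption that `/var/www` is the document root, and the function names `resolveSrc` and `mapToDocRoot` are all constructed for illustration.

```javascript
// Added example: constructed URL and paths, not from the original post.
const PAGE_URL = "http://www.example.com/index.html"; // assumed URL of /var/www/index.html
const DOC_ROOT = "/var/www";                          // assumed document root

// Browser side: a src attribute is resolved against the page URL, never the disk.
// Extra ".." segments are clamped at the top of the URL path.
function resolveSrc(src, pageUrl = PAGE_URL) {
  return new URL(src, pageUrl).href;
}

// Server side: map a request path (no query string) to a file path under
// docRoot, or return null if the path would leave it.
function mapToDocRoot(requestPath, docRoot = DOC_ROOT) {
  let decoded;
  try {
    // Decode before checking so %2e%2e and %2f are seen as ".." and "/".
    decoded = decodeURIComponent(requestPath);
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0") || decoded.includes("\\")) return null;
  const kept = [];
  for (const seg of decoded.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (kept.length === 0) return null; // would climb above the document root
      kept.pop();
    } else {
      kept.push(seg);
    }
  }
  return [docRoot, ...kept].join("/");
}

// Both src values from the question produce the same request URL.
console.log(resolveSrc("../../../home/user/test.js"));
console.log(resolveSrc("/home/user/test.js"));
// The server looks for that path under the document root, not at /home/user.
console.log(mapToDocRoot("/home/user/test.js"));
// A non-browser client can send ".." unnormalized; the mapping refuses it.
console.log(mapToDocRoot("/%2e%2e/%2e%2e/home/user/test.js"));
```

This check is lexical only: it does not see symbolic links, so ignoring those also requires comparing the real (link-resolved) path of the file against the document root, or disabling link following in the web server.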
