Mailto URI does not allow to attach file due to security concern. Is there any other way to achieve this functionality?
When user clicks on sendmail button in my application, it is populating outlook desktop application (as I have used mailto URI), so I can only allow to use mailto option in my coding.
My application constructed by HTML,JS,Node.js (I should not use nodemailer)
This is not possible. There will be security concerns if it was. You can ask the user to upload the file to the server, retrieve the file and add the URL to the uploaded file in the message body in mailto:.
Related
I have a cordova app which offers a journal function. Users store questions and programmatically generated answers to local storage, which are presented in a rich html page through a Webview.
Some users have asked for the ability to export that file for safekeeping. I want to implement one javascript solution which works in either IOS or Android. So I need a solution that doesn't depend on a local file system (because IOS won't allow that).
I thought about creating an email a user can send to themselves. I could generate a pdf with one of the pdf libraries, but RFC 2368 says I can't attach that as attachments are not allowed in the mailto URL scheme. I can't put html in the body of a mailto email either, RFC 2368 again.
The local storage data is butt-ugly: I don't want to send raw data or JSON strings to an end user, and while I could render a plain-text mailto body, I'd have to lose images and just lay out some very long URLs in plain text and cross fingers that the client will render them as links.
A webview browser page can't be saved.
So what am I missing? What's the single genius solution for taking a web page that exists in local storage and providing the user a way to store it locally on a computer or snag it from a server, regardless of the device or operating system of their phone or tablet?
I'm trying to make it so that a file from my web server can be downloaded to an Android mobile device. I want the user to be able to press a Download button on the site, and then they will have the option to save it on there phone's sd card.
The only way I can think of doing this is by using FTP, and having the button navigate the user to ftp://username:pass#webserver/file.blah
Is there another way, using strictly HTML5 and JS?
I have tried using the download tag, but that doesn't seem to work. Instead of downloading the image it redirects them to the page with the image on it.
Link
HTML5 solution
To force downloading a file, if you are using HTML5, then you can use the download attribute by defining the anchor tag like this.
Download Link
Server-side solution
It is likely that the user's browser doesn't support the download attribute. Check this. So the other solution invloves the server-side. You can use the Content-Disposition HTTP header. Serve this as one of the headers of the HTTP response for the download route. This will force the browser to download the file as an attachment.
Content-Disposition: attachment; filename="download.png"
RFC Read section 19.5.1
I'm relatively new to this
We have a requirement to save a file with out the use of the dialog box.
I was wondering if I can use AJAX or some other JavaScript to "Push" the file from the client PC being viewed in a browser to to some web service the client is running and have it save the file.
Do I get into cross site scripting issues or an issue I don't know about at present?
Thanks
With valums uploader script, users can drag and drop files (in certain browsers) to a button on the page.. so, yes, no dialog box, but it still requires user interaction. (I also know IE10 should be able to handle drag/drop functionality from one of their demos; so this kind of functionality is gaining ground).
I don't think you can upload a file without a dialog box. That would remove the user interaction, so it would be the same thing as allowing a webpage to select any file it wanted and upload it without user interaction - an obvious security flaw.
Generally, without a dialog box, no it can't be done.
HTML5 has a file API where the web app can store files on the local machine. But this access to the filesystem is sandboxed, so you get to access files only under your directory.
Why can't you do without a dialog box? Imagine you visit some site and it "uploads" files without your permission. That's a security FAIL. The dialog box is the user's authentication for the file to be uploaded.
Yes. I know most developers avoid this because the browser does not allow such hidden downloads, and ask the user if and where to save the file (Known web security issue).
And also I could not know when the download is over.
But
If my client realy insist that he will be able to click once on a web page an have an outlook window open and filled,containing an attachment. can I do so using my own customized browser?
Using a customized browser, yes. (If your client runs windows and has office installed...)
For example, create a .Net winform-program with a IE-browser-control in it.
Add hook to IE-control to get when user clicks a specific a-link.
Then perform a download of file from winform-program, use office-api/automation/3rdpart-control from winform-program to fire up a new mail and add attachment to the mail.
There is no way you can push a server side existent file into a local email window as attachment. It is not sure your client machine runs windows or has MS Outlook at all.
there are mailto link specifications to have urls made in a way that most of the Email clients will receive certain commands from the browser and act accordingly, for example as you can see here: Mailto Parameters Test try the link in the page and you will get a new email window in your default Email Client with To, CC, BCC, Body and subject prefilled.
There is nothing else you can do because you cannot embed file streams in such mailto url.
I understand that I can do browser authentication with Javascript, and then grab, say, an XML file with that javascript. My use case is a bit different though: There's a link on a webpage to a PDF on a different server. That server does browser authentication. The username and password are NOT secrets, in fact right now, we publish the link like this:
"Download PDF (use guest/guest as username/password)".
What I need: the user clicks the link, but does NOT have to fill in the username/pass, because we see many users getting confused by this (in usability tests).
We do not have access to the other server where the PDF is hosted.
Any ideas?
You can write the link like this: http://gast:gast#mis.vlaanderen.be/cognos7/metadata/mp_v_i_im_020_e100_az_algemeen_overzicht.pdf
This URL is a test case: http://mis.vlaanderen.be/cognos7/metadata/mp_v_i_im_020_e100_az_algemeen_overzicht.pdf
The username is "gast", the password is "gast" (as it says in the authentication box).
If you can embed that in a page in a link, and make it open without triggering the browser authentication box, you're my hero :)
http://gast:gast#domain.com/file.pdf