You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As mentioned in #63, this would allow the userscript to attach the generated .torrent file to the upload without requiring the user to navigate to it.
For security reasons, it is normally not possible for a script running on the page to attach a file without user interaction, as this would make it trivial for any malicious webpage to steal files from the user's computer without their knowledge. However, since we are actually generating the contents of this file ourselves, we don't actually care what file it comes from as long as we can somehow upload it to EMP. As such, here is how I see this feature eventually working:
After filling out the presentation on the page, the script downloads the .torrent file directly from the backend server and stores the data in memory
The script overrides the check for dupes and Upload torrent buttons to use this data stored in memory instead of the file referenced by the normal file chooser input
These buttons send requests that mimic what the buttons normally send to EMP, using this in-memory data
Although complex, this ought to succeed in circumventing the limitations of how scripts can interact with file inputs. The main issue will be maintainability, as this creates another possible breaking point of the script if the process of uploading to EMP ever changes. If the script is not updated at that time, it will cease to work entirely for uploading torrents. To prevent this, it should be easy for the user to disable this functionality if necessary. It also might be possible for the script to hijack existing code for submitting the upload instead of reverse engineering it. This would both save effort and reduce likelihood of the feature breaking in some future update to EMP.
The text was updated successfully, but these errors were encountered:
As mentioned in #63, this would allow the userscript to attach the generated
.torrent
file to the upload without requiring the user to navigate to it.For security reasons, it is normally not possible for a script running on the page to attach a file without user interaction, as this would make it trivial for any malicious webpage to steal files from the user's computer without their knowledge. However, since we are actually generating the contents of this file ourselves, we don't actually care what file it comes from as long as we can somehow upload it to EMP. As such, here is how I see this feature eventually working:
.torrent
file directly from the backend server and stores the data in memorycheck for dupes
andUpload torrent
buttons to use this data stored in memory instead of the file referenced by the normal file chooser inputAlthough complex, this ought to succeed in circumventing the limitations of how scripts can interact with file inputs. The main issue will be maintainability, as this creates another possible breaking point of the script if the process of uploading to EMP ever changes. If the script is not updated at that time, it will cease to work entirely for uploading torrents. To prevent this, it should be easy for the user to disable this functionality if necessary. It also might be possible for the script to hijack existing code for submitting the upload instead of reverse engineering it. This would both save effort and reduce likelihood of the feature breaking in some future update to EMP.
The text was updated successfully, but these errors were encountered: