Sometimes the boundaries of secure, sand-boxed app development can be a bit tricky to deal with. I’ve just spent a few minutes thinking about shortcut files for Windows 8.1 applications.
Specifically, if an app wants to open up a shortcut file, it can pop up a file dialog;
FileOpenPicker picker = new FileOpenPicker(); picker.FileTypeFilter.Add("*"); picker.FileTypeFilter.Add(".lnk"); var file = await picker.PickSingleFileAsync();
and that lets me pick up a shortcut (.lnk) file but there’s a question of what I can then do with that file. Looking at it in the debugger;
I can clearly see where the .lnk file itself has come from but if I was to (e.g.) launch that file via;
FileOpenPicker picker = new FileOpenPicker(); picker.FileTypeFilter.Add("*"); picker.FileTypeFilter.Add(".lnk"); var file = await picker.PickSingleFileAsync(); // launch! await Launcher.LaunchFileAsync(file);
then nothing much happens. I guess there’s 3 potential problems in this;
- I don’t think there’s a WinRT API to turn a shell link into the actual file that it represents (i.e. nothing in there to give me IShellLink).
- From an access control point of view, my app doesn’t necessarily have access to the file referenced by the shortcut file. It only has access to the shortcut file itself.
- From a security point of view, the file referenced by the shortcut file might be a .EXE file or similar and WinRT doesn’t allow launching those sorts of things.
I could work around (1) by just opening up the file myself and extracting the data from it (it’s a published specification) and I don’t think (3) is a problem that’s added to by the file being a .lnk file so long as the Launcher APIs block me launching .EXE, .BAT and so on (which they do).
But (2) I don’t think I can work around. Having got access to the shortcut file, there’s no way I know of in WinRT of being able to ask for access to the real file other than to attempt to read the .lnk file myself and then put up another file dialog and ask the user to select the real file.
As I said at the start, sometimes the boundaries of secure, sand-boxed app development can be a bit tricky to deal with…and I’ve got at least one app in the Store where I have reviews from users complaining about this kind of limitation but I’m not aware of anything in the platform that allows me to resolve their issues.
“Hidden” files is another “gotcha” for these kinds of apps but that’s another story…