Would the real Path step forward (C:fakepath) ?

A user mentioned a strange path appearing alongside an attachment that they were added to a a mail message in Gmail. I had been looking at performance issues on the same clients internet service and when I saw this  I wondered whether the two things might be related. It turns out that the are distantly related. The slow performance may have caused the message to be seen by the user but the real problem is a workaround used by Microsoft. I tested  first by creating a new message – attaching a file (reasonably large) and getting no c:fakepath mentioned. I then noted a message in the gmail sidebar menu about not being able to connect to gmail – even though it was obvious that they could.

The fakepath feature was an attempt by Microsoft to overcome a particular security issue in IE8. You can read about it on the MSDN site at http://msdn.microsoft.com/en-us/library/ms535128(VS.85).aspx

“The fully qualified filename of the selected file is returned only when this setting is enabled. When the setting is disabled, Internet Explorer 8 replaces the local drive and directory path with the string C:fakepathin order to prevent inappropriate information disclosure.


However the fact is the fakepath indication only lasts until the file is uploaded onto the server in advance of it being sent. Thereafter, the attachment has its own name.


In this case the link may have dropped or been very slow when the user added the attachment – and therefore saw the c:fakepath url before it changes to the correct name of the file.