W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2010

[whatwg] Inline Web Worker

From: Dmitry Titov <dimich@google.com>
Date: Mon, 25 Oct 2010 12:46:26 -0700
Message-ID: <AANLkTin6bp3SQ1p=+pQody+4cGTrg0jo+9FiuM=L+Te3@mail.gmail.com>
On Mon, Oct 18, 2010 at 11:28 AM, Drew Wilson <atwilson at google.com> wrote:

> I believe it's a security feature.
>
> Imagine that you download foo.html into your C:/ - according to the logic
> below, script running in foo.html should be able to read *any file on your
> C:/ drive*. That seems scary to me.
>
> FWIW, chrome allows passing the --allow-file-access-from-files command line
> flag to make it easier for developers to work locally without running an
> HTTP server.
>

I wish it was an option for a tab (right-click on the tab -> "Allow File
Access" or so), to make spontaneous hacking of a random html easier...


>
> -atw
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20101025/c040c05d/attachment.htm>
Received on Monday, 25 October 2010 12:46:26 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:01 UTC