- From: Jim Ley <jim.ley@gmail.com>
- Date: Tue, 20 Dec 2005 09:39:22 +0000
On 12/20/05, Maciej Stachowiak <mjs at apple.com> wrote: >> Um, they shouldn't be able to. Or at least, in many UAs they can't. > > Do you know of UAs that will prevent a file: URL document from > loading another file: URL in a frame or iframe? Or apply any > restrictions to scripting access to the resulting document. I don't > know of any that will. Well other than Internet Explorer 6 on XP service pack 2 of course? Although there are of course still ways of doing it. > I don't think reading /dev/mouse will specifically do anything bad, > but I see your point. For file: in file: inclusion I think it would > be wise to exclude certain system paths such as /dev and /etc. I > think this may be done already. This shouldn't be specified in the specifcation, what is safe to be included can only be known to the user agent as it's wholly specific to the platform and configuration of the platform. Jim.
Received on Tuesday, 20 December 2005 01:39:22 UTC