> Date: Wed, 17 Feb 2010 11:18:03 -0800 > From: mogulguy@xxxxxxxxx > Subject: Re: Access from a local file > To: or-talk@xxxxxxxxxxxxx > One of the reasons is to prevent malicious users from including file:// urls in an external webpage. With file:// urls, a webpage could be designed to test for the existence of local files on your computer. How? Same origin policy prevents an external website from accessing any local files directly. And the 'onload' trick detailed at http://72.32.12.210/archives/vulnwatch/2002-q2/0032.html doesn't work (FF2 OSX anyway) because the images or Iframes never load from local resources at all. Do you have a Proof of Concept? GD Hotmail: Trusted email with powerful SPAM protection. Sign up now. |