On 07/02/2011 02:42 PM, Sam Sharpe wrote:
On 2 July 2011 22:20, JDjd1008@gmail.com wrote:
On my machine, when I disable javascript, it is unable to display my files. I understand that the browser is supposed to be able to display your files with the file:/// URL. I just was not expecting my router to issue a javascript to to access my files. And my concern is that any web site can issue a javascript to access personal files; and most people are unaware of this, because they are not techies, and do not understand what javascripts are capable of doing.
I don't think you understand. Your browser can access your local files. It is doing so via a file:/// URL. This is not a problem with javascript, this is a feature of your browser. To check this, please type in "file:///" into your browsers address bar manually and you will see that there is no difference in the behaviour. I repeat, this is not a javascript problem and you are getting hysterical over nothing.
It is not a security risk because it is showing you the files you have access to on your machine. Javascript has absolutely nothing to do with it apart from sending *you* to the URL.
When I disabled javascript, the the link in the router's page could no longer open file:/// I am not saying that THAT script in itself is a terrible threat. There are far more sophisticated javascripts than just displaying your files in the browser.