On 07/02/2011 02:42 PM, Sam Sharpe wrote:
On 2 July 2011 22:20, JD<jd1008(a)gmail.com> wrote:
> On my machine, when I disable javascript, it is unable to display my files.
> I understand that the browser is supposed to be able to display your files
> with the file:/// URL.
> I just was not expecting my router to issue a javascript to
> to access my files. And my concern is that any web site can issue a
> javascript to access personal files; and most people are unaware of this,
> because they are not techies, and do not understand what javascripts
> are capable of doing.
I don't think you understand. Your browser can access your local
files. It is doing so via a file:/// URL. This is not a problem with
javascript, this is a feature of your browser. To check this, please
type in "file:///" into your browsers address bar manually and you
will see that there is no difference in the behaviour. I repeat, this
is not a javascript problem and you are getting hysterical over
nothing.
It is not a security risk because it is showing you the files you have
access to on your machine. Javascript has absolutely nothing to do
with it apart from sending *you* to the URL.
When I disabled javascript, the the link in the
router's page could no longer open
file:///
I am not saying that THAT script in itself is a terrible
threat. There are far more sophisticated javascripts
than just displaying your files in the browser.