Hacker News new | past | comments | ask | show | jobs | submit login

To clarify, did you try this with a remotely hosted .html file or one on the local hard drive? Browsers treat this case specially and allow more access to the local filesystem.

Putting an html file with an <img src="file:///..."> in it on a remote server should not trigger the vulnerability, if I understand correctly.




This should only work if the .html is located on the local drive. If its hosted you will get a Not allowed to load local resouce error.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: