
How do you define local precisely? Is it 127.0.0.1, 127.0.0.2, localhost, 192.168.0.2 or an IPv6 address in ::1/128? Browsers allow a Web page to load images and code from other domains for obvious reasons. Making exceptions to that rule for the local machine would break some legitimate software and be difficult to implement correctly.



In the context of this issue, it's none of these. The file:// scheme should not be accessible from http(s):// contexts.


Exactly. This is hardly an issue to get worked up about. The attack vector requires the user to download a file.

HN has definitely hit its eternal September given that so many people didn't know this.



