Hacker News new | past | comments | ask | show | jobs | submit login

In context of this issue, it's none of these. file:// scheme should not be accessible from http(s):// contexts.



Exactly. This is hardly an issue to get worked up about. The attack vector requires the user to download a file.

HN has definitely hit it's eternal September given that so many people didn't know this.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: