On Mon, Jun 06, 2011 at 01:12:46PM -0800, peasth...@shaw.ca wrote: > From: Camaleon <noela...@gmail.com> > Date: Mon, 06 Jun 2011 19:34:24 +0000 (UTC) > > Can you give a concrete example of your goal? > > In your home directory, make a file named Category2.html containing any > valid html text. The example you gave in your earlier reply will be fine. > > Open "http://members.shaw.ca/peasthope/#Links"; and you will see three links > containing "file:*Category2". Probably the third non-blank line. > Can you open the second link, file:///~/Category2.html ? It won't open here. > But it works if copied to the clipboard and pasted into the URI window. > Copying and pasting should not be necessary. It should open with a mouse > click! > > > That is, what piece of code is working on that Native Oberon but fails > > inside Iceweasel? > > The link file:Category2.html works for NO. With NO not having a > hierarchical file system it can not open file:///~/Category2.html but > opens file:Category2.html, no problem. Analogously, file:///~/Category2.html > should work for Iceweasel. > > OK; I'm more convinced there's a fault in Iceweasel!
As Camaleon already said: it's a security question. In general, you do not want that a remote website can access your local files. However, you can make Iceweasel work: - open "about:config" in Iceweasel - accept that you know what you're doing (and that you will be carefull) - search for "security.checkloaduri" and set it to "false" (on newer iceweasel's, that's called "security.fileuri.strict_origin_policy" Now, Iceweasel should accept your link. (I have no webserver at hand, so I haven't tested...) see http://kb.mozillazine.org/Links_to_local_pages_don't_work But: The serious security flaw which I see here is the following: This allows all remote site which you're looking at to use "file:///" in order to acces your local files. That's true also for javascript. So, as soon as you set "security.checkloaduri=true", a website you're visiting could copy all files from your local disk which you're allowed to read (so /etc/shadow would be inaccessible (except you run iceweasel as root :-)), but all files in /home/user kann be copied). Do you know how that problem is solved in Native Oberon? Axel -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110607084022.GJ19127@axel
