Actually, even local files cannot be "trusted" by the browser. This is a key reason for many of the security issues in internet explorer. Many vulnerabilities center around tricking IE into thinking a file should be trusted, such as emailing someone an HTML file in an attachment with malicious code embedded. An HTML file *should* be safe under all circumstances, but it's not because of the IE security model.
-Rob On Mon, 2004-10-18 at 16:33 -0400, Adam C Powell IV wrote: > On Fri, 2004-10-15 at 16:02, Emilio Jes�s Gallego Arias wrote: > > El jue, 14-10-2004 a las 10:32 -0400, Adam C Powell IV escribi�: > > > So then, given that the primary GNOME browsers are mozilla-based, why is > > > it that neither of them even suggest mozilla-bonobo? In fact, searching > > > through /var/lib/dpkg/available, it is not mentioned as any kind of > > > dependency anywhere. > > > > mozilla-bonobo is believed to have security risks. > > Ah, yes. Makes every bonobo component a front-line remotely vulnerable > app, as well as the mozilla-bonobo glue code. I tend not to browse > "non-trusted" sites, and really like the feature for browsing local > files (I have a lot of HTML "index" pages with PDF links). But then, > aside from local files, what can be "trusted"? > > Thanks for the explanation, > > -Adam P. > > GPG fingerprint: D54D 1AEE B11C CE9B A02B C5DD 526F 01E8 564E E4B6 > > Welcome to the best software in the world today cafe! > http://lyre.mit.edu/~powell/The_Best_Stuff_In_The_World_Today_Cafe.ogg >
