On Sun, Sep 7, 2025 at 1:25 PM Félix <[email protected]> wrote:

> @Edward About security with relation to a html file content.
>

Thanks for this detailed response.

> I think in an office setting, an executable, or a pdf file or
> microsoft-office document containing a malicious macro to be run is far
> worse.
>

> Unlike running a python script (or any other scripting environment like
> a macro in Excel, etc.), a browser running a web page / html script cannot
> arbitrarily read/write files on your hard drive. Even if the browser's
> executable is run as admin, the browser will bring up warning and
> permissions dialogs. That is because browsers do not open/load nor follow
> links with the "file://:" protocol. You have to start up a web server so
> that the protocol is "http://localhost/blablabla/index.html" for the
> browser to load/open files.
>
> The only thing you can do locally with an html file opened directly from
> the filesystem on your hard-disk is: rendering that html file 'alone'.
> That is why it then has to be self-contained. Meaning that all the css
> styling and javascript scripts have to be *inline* in the file and cannot
> be imported in the html header from other script.js and style.css files
> like on a regular web page.


Does that mean that scripts in local html files (including onLoad) never
run? That would be jolly.

> Malevolent webpages and/or html do not have to do with typical security
> concerns (file read/write on your hard-drive) but instead have to do with
> mimicking graphical design and layout of the html page (like for your own
> bank, and have your real name and personal info printed on it that they
> automatically got somewhere else because it's public info) to have the user
> confidently put in credentials (to enter a fake sweepstake, or fake login,
> etc.).
>
> So in conclusion, opening a local html file in your browser is not a
> security concern in itself.
>

That's good to know!

Félix
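
A way to check the question raised above about inline scripts and onLoad handlers, as an added example that is not part of this thread or of Leo: a small Python audit that lists the script-bearing constructs and outside references in an HTML file before it is opened. The sample page and the names `ActiveContentAudit` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample: a "self-contained" page with an inline script, an
# onload handler, and references that point outside the file.
SAMPLE = """<html><head>
<style>body { color: black; }</style>
<script>document.title = "inline";</script>
<script src="https://example.invalid/lib.js"></script>
</head><body onload="init()">
<a href="javascript:void(0)">click</a>
<img src="file:///C:/Users/me/pic.png">
<form action="http://example.invalid/login"><input name="pw"></form>
</body></html>"""

URL_ATTRS = {"src", "href", "action", "data", "formaction"}

class ActiveContentAudit(HTMLParser):
    """Collect script-bearing constructs and references outside the file."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, kind, detail)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        names = {k for k, _ in attrs}
        if tag == "script" and "src" not in names:
            self.findings.append((line, "inline-script", tag))
        for name, value in attrs:
            value = (value or "").strip()
            if name.startswith("on"):  # onload, onclick, onerror, ...
                self.findings.append((line, "event-handler", f"{tag}.{name}"))
            elif name in URL_ATTRS:
                scheme = value.split(":", 1)[0].lower() if ":" in value else ""
                if scheme == "javascript":
                    self.findings.append((line, "javascript-url", f"{tag}.{name}"))
                elif scheme in ("http", "https", "file") or value.startswith("//"):
                    self.findings.append((line, "external-ref", f"{tag}.{name}={value}"))

def audit(html_text):
    parser = ActiveContentAudit()
    parser.feed(html_text)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for line, kind, detail in audit(SAMPLE):
        print(f"line {line}: {kind}: {detail}")
```

An empty result means the file carries no inline script, event handler, `javascript:` URL or absolute outside reference that this audit recognizes; relative references are not flagged.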
