On 12/20/05, Maciej Stachowiak <[EMAIL PROTECTED]> wrote: >> Um, they shouldn't be able to. Or at least, in many UAs they can't. > > Do you know of UAs that will prevent a file: URL document from > loading another file: URL in a frame or iframe? Or apply any > restrictions to scripting access to the resulting document. I don't > know of any that will.
Well other than Internet Explorer 6 on XP service pack 2 of course? Although there are of course still ways of doing it. > I don't think reading /dev/mouse will specifically do anything bad, > but I see your point. For file: in file: inclusion I think it would > be wise to exclude certain system paths such as /dev and /etc. I > think this may be done already. This shouldn't be specified in the specifcation, what is safe to be included can only be known to the user agent as it's wholly specific to the platform and configuration of the platform. Jim.
