On Thu, Aug 8, 2013 at 3:01 PM, Jukka K. Korpela <[email protected]> wrote:
> 2013-08-08 9:13, Ian Hickson wrote:
>> XHR uses the same underlying logic as <img src=""> and <script src="">. If
>> you're able to conjure a file up for <img src=""> or <script src="">, then
>> I don't see why you wouldn't be able to conjure it up for XHR.
>
> When a local HTML file is opened in a browser and it accesses local files,
> with simple relative URLs like "foo.png" or "bar.js", <img src=""> and
> <script src=""> do not cause HTTP requests of any kind.

XMLHttpRequest works for file URLs as well. In practice browsers often have this pref-controlled and it's disabled by default for security reasons (or a somewhat more complicated story). It's not too different really.

I would expect the same to apply to any similar kind of API as it is mostly about being able to access the data rather than anything else.

-- 
http://annevankesteren.nl/
