Comment by SoftTalker

Imagine a very plausible situation. You have 1 HTML file at the top that wants to access hundreds of files in a subfolder. There is no way you can show Allow | Deny for every one of them. On the other hand, it's also possible for someone to take that file and put it in a folder like Documents or Downloads, so blanket allowing it access to siblings would allow access to all those files.

This could easily be solved by some simple contract like "webgame.html can only access files in a webpage/ subdirectory," but the powers that be deemed such thing not worth the trouble.

williamcotton 7 hours ago

  fetch("file:///C:/Users/You/Documents/secrets.txt")

Reply View 4 replies

SoftTalker 5 hours ago

As long as same-origin is enforced this is probably OK? I'm going to steal my own secrets?

Reply View | 0 replies
vedmakk 7 hours ago

"Chrome wants to access 'secrets.txt'. Allow | Deny"

Reply View | 2 replies
- williamcotton 7 hours ago
  
  $ python -m http.server
  
  Reply View | 0 replies
- AlienRobot 6 hours ago
  
  Imagine a very plausible situation. You have 1 HTML file at the top that wants to access hundreds of files in a subfolder. There is no way you can show Allow | Deny for every one of them. On the other hand, it's also possible for someone to take that file and put it in a folder like Documents or Downloads, so blanket allowing it access to siblings would allow access to all those files.
  This could easily be solved by some simple contract like "webgame.html can only access files in a webpage/ subdirectory," but the powers that be deemed such thing not worth the trouble.
  
  Reply View | 0 replies