20 Feb
2016
20 Feb
'16
9:17 a.m.
I'm working on an application that's distributed as a single HTML file containing JavaScript, intended to be saved locally. The JavaScript then makes various XMLHttpRequests to the network, to provide security properties that a normal web application can't. That's kind of hacky (vs. doing it as a browser extension or whatever), but I was hoping that would make it easy to install in hardened, mostly-read-only OS installations. That works in stock Firefox. It doesn't work in Tor Browser, because window.localStorage (and .sessionStorage) fail for file:// URLs. Is that deliberate? They work for http:// and https:// URLs, so it doesn't seem like a security decision. Thanks.