Access from a local file

downie - downgeoff2 at
Wed Feb 17 21:58:20 UTC 2010

> Date: Wed, 17 Feb 2010 11:18:03 -0800
> From: mogulguy at
> Subject: Re: Access from a local file
> To: or-talk at
> One of the reasons is to prevent malicious users from including file:// urls in an external webpage.  With file:// urls, a webpage could be designed to test for the existence of local files on your computer. 

How? Same origin policy prevents an external website from accessing any local files directly. And the 'onload' trick detailed at
doesn't work (FF2 OSX anyway) because the images or Iframes never load from local resources at all.
Do you have a Proof of Concept?

Hotmail: Trusted email with powerful SPAM protection.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the tor-talk mailing list