Author: lcx

I recently read two articles: one on a Google Chrome vulnerability that uses AJAX to read a local file, and the other on the permissions issue of AJAX executed locally. I have my own view on this. I do not think this is a security issue; it seems the authors of these two articles do not have an adequate understanding of the permissions that HTML has. There are two examples: one is HTML reading the content of a local txt file, the other is HTML operating on a local database. The key is that the user allowed the local JS to execute.

If you are unsure whether HTML's permissions are really that large, look at the related HTML files under C:\WINDOWS\pchealth\helpctr\System\sysinfo, such as C:\WINDOWS\pchealth\helpctr\System\sysinfo\sysinfosum.htm, and you will understand well enough. Once the user has granted permission to run local active content, the IE version does not matter: the HTML that reads local txt content works the same under IE8 (tested on Win7 + IE8 and XP SP2 + IE7).

So I think the article by "emptiness prodigal heart", which tests AJAX reading of content in one browser after another, as well as the xeye team's research on this topic, is of little significance, because the premise itself is that the user allows local JS to execute. If it executed without any prompt, then that would be a security issue. For example, take the MS06-014 web trojan on an XP system with the patch applied: if you run the MS06-014 web trojan locally and agree to every execution prompt step by step, it can still be executed. In a word, I hope the authors of the two articles above do not scold me.