- JavaScript loads fine locally but not JSON. I understand it is a security issue, but I am confused about why a JSON file would potentially be more malicious than a JavaScript file. I thought it would be the other way around?
- I can see that CSS, JS and image files load fine locally. Is it just JSON and XML that will not do this? I have not been able to find a list of what will and what will not work.
        Jorgs
        
- You mean when using `file:///` protocol to load the page? Because using `file:///` protocol would allow a "page" to access (almost) EVERYTHING on the computer - not just JSON or XML files - EVERY file - and, let's face it, you don't want that. If you want to develop web pages, use a local server (there's about a million ways of doing this, just a little research you should find what is suitable for your development needs) – Bravo Jun 12 '22 at 08:52
- You’ve got the wrong idea of who the Same Origin Policy is trying to protect. It isn’t to stop malicious data being inserted into the page (that’s what a CSP is for), it is to stop JS in a malicious page accessing data it shouldn’t access. – Quentin Jun 12 '22 at 08:57
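An added example, not code from anyone in this thread: a simplified model of the check the comments describe, showing why a page opened from `file:///` can embed a script but cannot read a JSON file next to it, while the same page served from a local server can. The paths, the `localhost` ports and the function names are made up for illustration, CORS opt-in is left out, and the model assumes the browser gives every `file:` URL its own opaque origin.

```javascript
// Simplified model of the same-origin decision. Not a browser implementation.

// Elements that display or execute a resource without handing its raw
// bytes to the page's script. These are not read-restricted by origin.
const EMBED_KINDS = new Set(["script", "stylesheet", "image"]);

// URL.origin serializes an opaque origin as the string "null";
// that is what a file: URL produces. Map it to a real null.
function originOf(url) {
  const origin = new URL(url).origin;
  return origin === "null" ? null : origin;
}

// Assumption: an opaque origin matches nothing, not even another
// file in the same directory.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa !== null && oa === ob;
}

// kind is "script", "stylesheet", "image" (embeds) or "fetch"
// (fetch/XMLHttpRequest, where script gets to read the response body).
function decide(pageUrl, resourceUrl, kind) {
  const resolved = new URL(resourceUrl, pageUrl).href;
  if (EMBED_KINDS.has(kind)) {
    return { resolved, allowed: true, reason: "embed: loaded, bytes not exposed to script" };
  }
  if (sameOrigin(pageUrl, resolved)) {
    return { resolved, allowed: true, reason: "same origin: script may read the response" };
  }
  return { resolved, allowed: false, reason: "cross-origin read: blocked" };
}

// Constructed sample pages: the same site opened from disk and from a local server.
const cases = [
  ["file:///C:/site/index.html", "app.js", "script"],
  ["file:///C:/site/index.html", "data.json", "fetch"],
  ["http://localhost:8000/index.html", "data.json", "fetch"],
];
for (const [page, resource, kind] of cases) {
  const d = decide(page, resource, kind);
  console.log(`${kind.padEnd(6)} ${d.resolved} -> ${d.allowed ? "allowed" : "blocked"} (${d.reason})`);
}
```

The JSON file is not treated as more dangerous than the script; the difference is that `fetch` would hand its contents to the page's code, which is the access the Same Origin Policy restricts.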