by shitloadofbooks 3882 days ago
It's to do with the browser security model and JavaScript restrictions on file:// paths.

I'm not entirely sure of the class of attack that it prevents, but it's been that way for quite a while now.

1 comments

For a while, browsers allowed unfettered JavaScript access to local files, so malware sites would just get users to save the site, and run it.

Tada, access to local files, or unlimited XHR requests for DDoSing, etc. :-)