Hacker News
by Tiki 2539 days ago
It's not so much why someone would choose this over that, as it is what attack vectors are added to which surface. Why wouldn't a bad actor be willing to jump back into a leaky sandbox?

Because they already have the run of the user's profile. Why add additional complexity for less access?
Because you may have had zero access rather than some, for example a web dev who wouldn't click on an .exe but would open an .html file without a second thought. More access isn't necessarily always the end goal either.
If someone is knowledgeable enough to not open a shady exe file, they'll probably not simply open any shady files, including doc, ppt, and html.
Nah, people are dumb (exhibit A: myself) and overly trusting of parsers/sandboxes.
Not true for html files. They are widely regarded as harmless.
I have never seen anyone saying HTML files are harmless, and would definitely never say it myself.