Y
Hacker News
new
|
ask
|
show
|
jobs
by
ChrisSD
2541 days ago
Because they already have the run of the user's profile. Why add additional complexity for less access?
1 comments
Tiki
2541 days ago
Because you may of had zero access rather than some, for example a web dev who wouldn't click on an .exe but would open an .html file without a second thought. More access isn't necessarily always the end goal either.
link
dejaime
2541 days ago
If someone is knowledgeable enough to not open a shady exe file, they'll probably not simply open any shady files, including doc, ppt, and html
link
pas
2540 days ago
Nah, people are dumb (exhibit A: myself) and overly trusting of parsers/sandoxes.
link
posix_me_less
2540 days ago
Not true for html files. They are widely regarded as harmless.
link
dejaime
2527 days ago
I have never seen anyone saying HTML files are harmless, and would definitely never say it myself.
link