[whatwg] XML data islands related question

Anne van Kesteren annevk at annevk.nl
Thu Aug 8 07:05:52 PDT 2013


On Thu, Aug 8, 2013 at 3:01 PM, Jukka K. Korpela <jkorpela at cs.tut.fi> wrote:
> 2013-08-08 9:13, Ian Hickson wrote:
>> XHR uses the same underlying logic as <img src=""> and <script src="">. If
>> you're able to conjur a file up for <img src=""> or <script src="">, then
>> I don't see why you wouldn't be able to conjur it up for XHR.
>
> When a local HTML file is opened in a browser and it accesses local files,
> with simple relative URLs like "foo.png" or "bar.js", <img src=""> and
> <script src=""> do not cause HTTP requests of any kind.

XMLHttpRequest works for file URLs as well. In practice browsers often
have this pref-controlled and it's disabled by default for security
reasons (or a somewhat more complicated story). It's not too different
really. I would expect the same to apply to any similar kind of API as
it is mostly about being able to access the data rather than anything
else.


-- 
http://annevankesteren.nl/



More information about the whatwg mailing list