Originally Posted by jmrker
One more (final???) question for my own understanding...
I was not aware that I was using "The file:// mode in IE,..." as you discuss above.
Are you saying that is a mode that occurs
when I execute the HTML from a local file on my computer from any browser
as opposed to having the script as a server file?
that's exactly what i'm saying. IE used to leave the door wide-open, you could ajax any domain, read and write files, write registry keys etc, then malicious FSO and activeX attacks started propagating on windows machines (shocking), and M$ took a lot of heat for it.
so, ie over-compensated imho and locked everything down tight when a page is loaded from a file. Since a server implies a paper trail to a registered entity, they allow MORE freedom on http:// than file://.
chrome and FF have always been fairly conservative with perms on file://s, but they too have batoned the hatches more and more as time goes on. you used to be able to ajax local files from any folder on the drive in FF, then it was sub-dir files only, then they stopped even letting you list sub-folders, so you have to know the exact path of a file to ajax it.
anyway, yeah, there's a big diff between http, file, blob, data, and https page origins.