@Edward About security in relation to an HTML file's content.

I think in an office setting, an executable, or a PDF file or 
Microsoft Office document containing a malicious macro to be run, is far 
worse.

Unlike running a Python script (or any other scripting environment, like a 
macro in Excel, etc.), a browser running a web page / HTML script cannot 
arbitrarily read/write files on your hard drive. Even if the browser's 
executable is run as admin, the browser will bring up warning and 
permissions dialogs. That is because browsers do not open/load nor follow 
links with the "file://" protocol. You have to start up a web server so 
that the protocol is "http://localhost/blablabla/index.html" for the 
browser to load/open files.

The only thing you can do locally with an HTML file opened directly from 
the filesystem on your hard disk is rendering that HTML file 'alone'. 
That is why it then has to be self-contained, meaning that all the CSS 
styling and JavaScript scripts have to be *inline* in the file and cannot 
be imported in the HTML header from other script.js and style.css files 
like on a regular web page.

Malevolent webpages and/or HTML do not have to do with typical security 
concerns (file read/write on your hard drive) but instead have to do with 
mimicking the graphical design and layout of the HTML page (like for your own 
bank, and having your real name and personal info printed on it that they 
automatically got somewhere else because it's public info) to have the user 
confidently put in credentials (to enter a fake sweepstake, or fake login, 
etc.).

So in conclusion, opening a local html file in your browser is not a 
security concern in itself. 

Félix



On Sunday, September 7, 2025 at 6:10:22 AM UTC-4 Edward K. Ream wrote:

> On Saturday, September 6, 2025 at 11:12:53 PM UTC-5 Félix wrote:
>
> @Edward @Brian
>
> Let me cook...  😎
>
>
> No doubt this is an interesting project. I'll be interested to see your 
> results! And I would be interested to hear your thoughts about security.
>
> Edward
>
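
Added example, not part of the thread and not Leo code: a small Node.js check of a page against the two properties discussed in the message above, namely whether every script, stylesheet and image is inline, and whether any form would send a password field to a remote host. The function names, the sample page and its host names are constructed for illustration.

```javascript
// Added example (not from the thread): regex heuristics, not a full HTML parser.
const REMOTE = /^(?:https?:)?\/\//i; // http://, https:// or protocol-relative

// Return the value of attribute `name` inside one opening tag, or null.
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function auditHtml(html) {
  const findings = [];
  // 1. Anything loaded by reference instead of inline (data: URIs count as inline).
  for (const m of html.matchAll(/<(script|link|img|iframe)\b[^>]*>/gi)) {
    const tag = m[1].toLowerCase();
    const url = attr(m[0], tag === "link" ? "href" : "src");
    if (url !== null && !/^data:/i.test(url)) {
      findings.push({ kind: "external-resource", tag, url });
    }
  }
  // 2. Forms that contain a password field and submit to a remote host.
  for (const m of html.matchAll(/(<form\b[^>]*>)([\s\S]*?)<\/form>/gi)) {
    const action = attr(m[1], "action") || "";
    const hasPassword = /<input\b[^>]*\stype\s*=\s*["']?password/i.test(m[2]);
    if (hasPassword && REMOTE.test(action)) {
      findings.push({ kind: "remote-credential-form", tag: "form", url: action });
    }
  }
  return findings;
}

// Constructed sample page; file names and hosts are placeholders.
const SAMPLE = `<!doctype html>
<html><head>
<style>body { font-family: sans-serif; }</style>
<link rel="stylesheet" href="style.css">
<script src="https://cdn.example/lib.js"></script>
<script>console.log("inline");</script>
</head><body>
<img src="data:image/png;base64,AAAA">
<form action="https://collector.example/login" method="post">
  <input type="text" name="user"><input type="password" name="pw">
</form>
<form action="save.html"><input type="password" name="pin"></form>
</body></html>`;

for (const f of auditHtml(SAMPLE)) console.log(`${f.kind}: <${f.tag}> ${f.url}`);
```

An empty result means the page references nothing outside itself and has no password form posting to another host; it says nothing about what the inline scripts themselves do.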
