I'm of the opinion that there is no need to distinguish between local and non-local schemes, such as it is in the case where a non-local (say, http) URI cannot load or embed a local (say, file) scheme.
I've heard that there must have been reasons for such a restriction to be introduced. I hereby would like to reaccess those reasons and ask the people who originally drove the implementation to justify that restriction with regard to contemporary security issues. As a preclaimer to any argument I would like to cleary state that there IS NO INTRINSIC DIFFERENCE BETWEEN LOCAL AND NON-LOCAL RESOURCES. Both have equal rights to demand security. The only difference lies in the protocol being used to access them and what has to considered a distinct domain with regard to same-origin-policy. For reading, it's of no relevance, whether a file is at file:// , http:// , ftp:// , scp:// , or etc. Hence, limitations randomly imposed on either of the schemes are superflous and a wrong approach to whatever possible security considerations might have been made. -- regards, ManDay _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev