Part 1: Why is the W3C spreading FUD about the File URL?

I will get right to the point — have you ever used a file url (file:///) ?

Probably yes, to open a locally stored compatible file in the browser—like html, png, pdf.

Actually a file:/// can be used to access set of html files along with images, style sheets (CSS), Javascript, media — you name it. Tie everything together with a table of contents (TOC) and the experience is similar to an eBook except inside the browser where everything that works online also works offline.

But the W3C doesn’t want you to work this way. Talk to W3C veterans and they’ll tell you file:/// is a security problem.

Challenge this assertion or ask for a demonstration and the matter is quickly dropped, because while in the past there were problems with file url, all the browsers disabled the vulnerability long ago.

A Little History

The file url spec was originally released by the IETF® (Internet Engineering Task Force) in 1994. Yes, way back in 1994!

And yes, the name of one of the authors is Mr Tim Berners-Lee!

So why would W3C veterans ritually condemn a spec created by their fearless leader?

The plot thickens…