Forum How do I...?

iframe access to local files

pkjackson
Hi,

I need to fix the security hole where an iframe can access local files. My security testers managed to do this on UNIX. I'm on Windows and the problem is that I can't get princexml to read in a local file with an iframe.


According to this page: https://www.princexml.com/doc/server-integration/#local-files princexml allows local access by default and it needs to be turned off.

Here's my code snippet:

<iframe style="border:1px solid red; width:100%; height:600px;" src="file:///c:/temp/1.txt"></iframe>


Prince just renders an empty iframe. Any ideas why? i need to repeat the problem before fixing!


Regards Peter
mikeday
Can you check if loading local images works with <img src="...">?