Security when viewing local static html files, Browser security Options

[joej]

First of all I would like to say hello to all.

I am here looking for some answers regarding static HTML files and local browser security.

I am wanting to use some local HTML files as a GUI for keeping some hard coded, hobby related, non sensitive data for personal use.

The files will be static but will include some j query to show and hide divs etc. No server will be involved. These files will include some links to open on-line websites.

My concern is, will using these files locally without a server be a security risk (can anyone access my PC/phone/tablet etc whilst I am viewing these files through a browser).

Joe

[pandy]

No, I don't think there is an added risk. The risk will be the same as when you visit those other sites on the web without your local files involved.

[Christian J]

First of all I would like to say hello to all.

Hi and welcome

Viewing your own safe content locally shouldn't be dangerous. In fact most web pages might be more risky, due to malicious scripts being served from advertizing networks.

But (in my poor understanding) a compromised local page might do more damage than a compromised web page, due to less security restrictions locally. See https://blog.chromium.org/2008/12/security-...-web-pages.html for examples on how various older browsers tried to prevent that (no idea if it still applies today).

Note that this only applies if the browser runs malicious javascript, e.g. from an email (in addition to your local web page?). It could also happen if you'd load e.g. a jQuery library from a compromised hosting site (so it might be safer to use a local copy).

[joej]

Thanks to both of you for taking the time to reply.

I have been keeping and viewing HTML records (non sensitive data) like this for quite some time now mainly for the GUI and learning side of coding and never had a problem, but I had a friend ask me if using this method could be some sort of security risk. This got me thinking even though I was almost certain it was not but thought asking the more experienced could not hurt. I guess anything is possible with code, and I think the key words here are "sensitive data".

Interesting link Christian J, (6am here in the UK, :-() yawn!... gotta give that some more study later this evening after work.) I always use links to local copies of jQuery/framework libraries etc, then download an updated file if need be.

Thanks again, very helpful and have a good day.

[Christian J]

One way to compromise a browser might be through browser addons/extensions/toolbars. An addon might be legitimate when you first install it, but is later sold by the developer to someone else, and then changed into a malicious version through its automatic updates. I don't know if malicious addons can access your OS's file system, that might require further browser exploits to circumvent the checks mentioned in the link above.

In any case I assume malware from spam emails, ads, addons etc tries to target as many people's computers as possible, and is maybe not written to exploit the very few browsers that open local files. It's a completely different scenario if someone already knows that you use local files and tries to exploit that ("spearfishing"), and might be much harder to protect yourself against.