<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Andreas,<br>
<br>
</div>
<blockquote
cite="mid:CAKdk67txRkTPC0QntZPdmX3dFjkLhLKZ7hp=QfOK5JF1npQMyw@mail.gmail.com"
type="cite">
<div dir="ltr">AFAIK, x3dom also requires running a local web
server to access local files </div>
</blockquote>
<br>
Depends on browser. Firefox does not require a web server to use the
<a class="moz-txt-link-freetext" href="file://">file://</a> protocol. Other browsers do. It is in the browser
configuration. Different browsers have different methods of doing
configuration. Check with the docs for that browser.<br>
<br>
Note that this only applies to external resources used by non-HTML
elements. For example you can load scripts, images, CSS, etc. from
any location using <script>, <img>, <link>,
respectively. The referenced URL can change while the HTML page is
active. That is all fine. If script code tries to access an external
resource (via AJAX), the browser is suppose to get permission from
the server where the HTML originated before attempting to make that
request. This is to prevent malicious scripts from getting injected
into an HTML page, then requesting (or sending) data to a 3rd-party
server. See pages 9-11 of
<a class="moz-txt-link-freetext" href="http://realism.com/presentations/90?title=Drupal-in-3D%3A-Leveraging-WebGL-and-X3DOM-for-interactive-3D-content-visualization">http://realism.com/presentations/90?title=Drupal-in-3D%3A-Leveraging-WebGL-and-X3DOM-for-interactive-3D-content-visualization</a>
for a quick description of how to make this work.<br>
<br>
<br>
<blockquote
cite="mid:CAKdk67txRkTPC0QntZPdmX3dFjkLhLKZ7hp=QfOK5JF1npQMyw@mail.gmail.com"
type="cite">
<div dir="ltr">and suggests to uses the http server which comes
with python:<br>
<br>
<a moz-do-not-send="true"
href="http://doc.x3dom.org/gettingStarted/pythonSimpleHTTP/index.html">http://doc.x3dom.org/gettingStarted/pythonSimpleHTTP/index.html</a><br>
<div><br>
</div>
<div>Running a http server (but web browser ?) may be considered
a security hole if outgoing traffic somehow was not considered
in security design. </div>
</div>
</blockquote>
<br>
Please expand on this. Do you mean the simple python server, a
full-blown server on local (e.g., Apache), web server on the LAN, or
an external web server? There are different security issues in each
configuration and the risk goes from minimal to significant.<br>
<br>
<br>
<blockquote
cite="mid:CAKdk67txRkTPC0QntZPdmX3dFjkLhLKZ7hp=QfOK5JF1npQMyw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>A local http server would still work even if the machine is
physically disconnected from the network for maximum security.<br>
</div>
</div>
</blockquote>
<br>
Unless you really know what you are doing you should only go with
the simple python (or equivalent) server. <br>
<br>
<br>
<blockquote
cite="mid:CAKdk67txRkTPC0QntZPdmX3dFjkLhLKZ7hp=QfOK5JF1npQMyw@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>It may be possible to package a small local web server,
webkit with js engine, and javascript app (cobweb) into a
standalone application with a custom UI which can open local
files. But it would be a development effort and the resulting
application may be a larger security risk than a standard web
browser although it would not look like one.<br>
</div>
</div>
</blockquote>
<br>
No, please don't (for anyone here). Too much effort has already gone
into the development of web servers, browsers, JS engines, etc. to
justify doing this. <br>
<br>
-- <br>
<div class="moz-signature"><font class="tahoma,arial,helvetica san
serif" color="#333366">
<font size="+1"><b>Leonard Daly</b></font><br>
3D Systems & Cloud Consultant<br>
X3D Co-Chair on Sabbatical<br>
LA ACM SIGGRAPH Chair<br>
President, Daly Realism - <i>Creating the Future</i>
</font></div>
</body>
</html>