Why do browsers disallow accessing files from local file system even if the HTML document is also on the local file system?
Many browsers do not allow you to access files on the local filesystem with JavaScript (even if the HTML document is also on the local filesystem).
(source)
Yes I know that the solution is to "install and use a HTTP server for local development" nonetheless I don't understand why should this be required? Allowing a webpage to access local filesystem would obviously be horrible, but what are the risks of accessing local filesystem from local filesystem?
Any time I run a shell script I'm doing this and shell scripts don't prevent me from running cat. The way I'm getting it if I run anything from local filesystem (be it an arbitrary executable, executable I've compiled myself, or an interpreted script, which includes a HTML or JS document!) I'm expected to know what I'm running. Why are JS scripts run in a browser exempt from this assumption? If I have the habit of carelessly running malware from local filesystem I can easily screw myself up in a plethora of ways other than opening a HTML document.
Also: isn't CORS supposed to prohibit cross-origin resource loading? To my understanding requesting a local filesystem resource from a local filesystem resource is hardly cross-origin, rather this is the very same origin, so I don't understand why would CORS be complaining.
On top of that, is requiring me to run a HTTP server for local development improving anything? Doing so requires me to needlessly open a port on localhost. Clearly this can be done in such a way that will prevent outside world from talking to my local server (isn't denying incoming connections enough?) but why open a listening port if I don't have to?
What am I failing to understand here?
EDIT: On the second thought, I do see one reason. Browsers allow users to save a webpage locally. It would make sense to be able to open such webpage in a way that will not damage the local system any more than loading this same webpage from the internet.
