Enable Javascript for local .html files

James Richard Tyrer tyrerj at acm.org
Fri Dec 5 21:18:47 GMT 2008


Stefanos Harhalakis wrote:
> On Friday 05 December 2008, James Richard Tyrer wrote:
>> Thiago Macieira wrote:
>>> On Thursday 04 December 2008 09:54:08 James Richard Tyrer wrote:
>>>> "This is ordinarily implemented using only 127.0.0.1/32 for loopback"
>>>>
>>>> So, 127.0.0.0 normally is the IP address for localhost and 127.0.0.1 is
>>>> a loopback address.  I am not an expert, only that that is what I read
>>>> in a Linux manual.
>>> $ /sbin/ip route | grep ' lo '
>>> 127.0.0.0/8 dev lo  scope link
>>>
>>> The whole 127.0.0.0/8 network is reserved for loopback.
>> So, the quote from rfc3330 is incorrect?
> 
> The quote is correct since it says 'ordinarily'. Most probably the 127.0.0.0/8 
> network will be routed to a loopback device or nowhere at all. This quote 
> only says that the 127.0.0.1 address will be assigned to the localhost most 
> of the time.
> 
>> But, the question is whether or not you can put 127.0.0.0 in the
>> JavaSctipt KCM to refer to the host system?
> 
> If you want to be extra secure, I'd propose the 127.0.0.1/32 address which 
> should work for all cases. Of course someone may have more than one such 
> loopback addresses, (for example) one for each virtualhost, for testing 
> purposes.
> 
> Personally I believe that if 127.0.0.0/8 isn't a localhost-only network there 
> are other dangers too and that it is safe to make such an assumption.
> 
> Also look in page 4 of RFC1700:
> 
> (g)   {127, <any>}
>          Internal host loopback address.  Should never appear outside
>          a host.
> 
I guess that the answer is that there isn't really a definite answer. 
Yes, I really hate it when that happens.

So, it looks like it wouldn't be safe to use the numerical address since 
it would probably vary from system to system if even 127.0.0.0 wouldn't 
always be OK.  I have SendMail assigned to listen at 127.0.0.1 so you 
wouldn't want to use that on my system.

It isn't safe to use 'localhost' either since some people name their 
systems (tends to cause problems) -- the RedHat installer (at least it 
used to) asked you to name your system.

So, it might be a good idea to add a box to enable JavaScript for local 
files if that was possible.  It would also need a "Configure" button.

Probably the same would be true for Java since the widget is quite similar.

-- 
JRT





More information about the kfm-devel mailing list