Are there any ways in which a local html + js file (without local server) can be harmful?
I am maintaining a scientific visualisation tool for a number of corporations.
Currently, it is basically an Excel sheet without macro. So the possiblities to do cool stuff is somewhat limited. So I am looking at how we could get into some more real programming.
Problem is, these corporations are all super tight on security. So macros in excel are banned for most of them for security reasons.
I was thinking about rewriting it into a local html file instead and do the necessary calculations in js, without opening a local server. Then I should be able to develop all functionality needed, while keeping the application very safe.
Or at least so I think?
This app wouldn't be able to access file system, or send info to 3rd party right?
Is there some other security concern I might be missing?
Juan Pablo Isaza
The short answer is "yes", the long answer is "you are probably fine".
If you think about it, it is very easy to get somebody to load your website. If that would be enough to harm the machine, we would be in big trouble.