Is this warning still valid?

Is this warning still valid? It’s in the doc for DesktopHTMLViewer:

If not then I’ll file an Issue (I use this method signature on Windows, seems to work).

I don’t remember the specifics right now. There should be a feedback case as I remember debugging it with William. It may no longer be an issue, but if it’s CEF security related then I wouldn’t rely on it. There could be some elements that are blocked from rendering and just fail silently.

I’m pretty sure that with CEF Xojo can make it work seamlessly despite of any default extra security. So I guess some engine version may have broken it, Xojo documented it as it is shown, and later Xojo fixed it and not updated the docs, because it works.

One thing I remember from CEF security, not checked, was some discussions about walking paths backwards as “../../anotherFolder/somethingThatShouldNotBeAccessed.html”

But forward should be ok.

I think it was more along the lines of loading local external resources blocking execution, IE: file:// paths

Keyword is think. I’m away from my desk today and trying to be helpful from memory.

Relative paths loads, as “folder1/image.gif”, “css/things.css”, “extra/more.html”.

So all the basics works.

Yeah, it may be an outdated warning then.

The problem can be related to explicit “file://” protocol. Also, not tested. Just a dusty memory…

New issue here.