This attack relies on client side code to access local files and resources
						instead of URLs. When the client browser is expecting a URL string, but
						instead receives a request for a local file, that execution is likely to
						occur in the browser process space with the browser's authority to local
						files. The attacker can send the results of this request to the local files
						out to a site that they control. This attack may be used to steal sensitive
						authentication data (either local or remote), or to gain system profile
						information to launch further attacks.