Comment 22 for bug 1393515

Chris Coulson (chrisccoulson) wrote :

Can I kill option 1 right away? Capturing file:// in the browser won't even work as a band-aid in the short term. All it would take to get around that would be for me to open a page that contains some links to file: URLs and navigate to them. Yes, we have an API to intercept navigations in the main frame, but then I could get around that by making sure they navigate a subframe. Even if we had an API to intercept subframe navigations (and we definitely shouldn't), a webpage can still embed media or image elements pointing to file: URLs (of course, same origin restrictions prevent a remote attacker from being able to access the contents of them, but a page can still display them to the user).