You need to use the file:///
protocol (yes, that’s three slashes) if you want to link to local files.
<a href="file:///C:\Programs\sort.mw">Link 1</a> <a href="file:///C:\Videos\lecture.mp4">Link 2</a>
These will never open the file in your local applications automatically. That’s for security reasons which I’ll cover in the last section. If it opens, it will only ever open in the browser. If your browser can display the file, it will, otherwise it will probably ask you if you want to download the file.
You cannot cross from http(s) to the file protocol
Modern versions of many browsers (e.g. Firefox and Chrome) will refuse to cross from the http(s) protocol to the file protocol to prevent malicious behaviour.
This means a webpage hosted on a website somewhere will never be able to link to files on your hard drive. You’ll need to open your webpage locally using the file protocol if you want to do this stuff at all.
Why does it get stuck without file:///
?
The first part of a URL is the protocol. A protocol is a few letters, then a colon and two slashes. HTTP://
and FTP://
are valid protocols; C:/
isn’t and I’m pretty sure it doesn’t even properly resemble one.
C:/
also isn’t a valid web address. The browser could assume it’s meant to be http://c/
with a blank port specified, but that’s going to fail.
Your browser may not assume it’s referring to a local file. It has little reason to make that assumption because webpages generally don’t try to link to peoples’ local files.
So if you want to access local files: tell it to use the file protocol.
Why three slashes?
Because it’s part of the File URI scheme. You have the option of specifying a host after the first two slashes. If you skip specifying a host it will just assume you’re referring to a file on your own PC. This means file:///C:/etc
is a shortcut for file://localhost/C:/etc
.
These files will still open in your browser and that is good
Your browser will respond to these files the same way they’d respond to the same file anywhere on the internet. These files will not open in your default file handler (e.g. MS Word or VLC Media Player), and you will not be able to do anything like ask File Explorer to open the file’s location.
This is an extremely good thing for your security.
Sites in your browser cannot interact with your operating system very well. If a good site could tell your machine to open lecture.mp4 in VLC.exe, a malicious site could tell it to open virus.bat in CMD.exe. Or it could just tell your machine to run a few Uninstall.exe files or open File Explorer a million times.
This may not be convenient for you, but HTML and browser security weren’t really designed for what you’re doing. If you want to be able to open lecture.mp4 in VLC.exe consider writing a desktop application instead.