If the user selects a file via
<input type="file">, you can read and process that file using the File API.
potential for malicious authors to
deliver scripts to run on a client
computer via the web. Browser authors
contain this risk using two
restrictions. First, scripts run in a
sandbox in which they can only perform
web-related actions, not
general-purpose programming tasks like
2016 UPDATE: Accessing the filesystem directly is possible via the Filesystem API, which is only supported by Chrome and Opera and may end up not being implemented by other browsers (with the exception of Edge). For details see Kevin’s answer.