> I understand that there is a risk if we allow local HTML files to access anything, but there should be some way - for example, a file or directory might have some suffix that allows access to it.
> I do not want to use a web-server because it feels like overengineering and I don't want to open a terminal, navigate to a directory and start a server every time, it takes too much time. I just want to type the URL and have my app running
I'd love for there to be an "offline only" mode for browsers where you can either access the local filesystem or remote pages, but not both. I don't think this would completely solve the use case you describe, since there would still presumably be circumstances where it would be helpful to reference something external, but it feels like it would be pretty useful to be able to use a browser as a limited server for static files, and it would be relative simple and intuitive compared to needing to have something in the files themselves indicate the intended semantics.
Interesting, I also had an idea of "sandbox mode", into which the page can voluntarily switch after loading and which prevents it from using network, cookies or any ways to exfiltrate the data. This can be used for online utilities like text encryption, audio file format conversion etc. The browser could indicate that the page is in a sandbox mode so that the user can trust it.
I like that idea! It would be cool if pages choose to give up those permissions granularly as well, sort of like OpenBSD's `pledge`