diff --git a/web/chromecom.js b/web/chromecom.js
index a4c9ee4aa..3c4a17e3c 100644
--- a/web/chromecom.js
+++ b/web/chromecom.js
@@ -113,6 +113,14 @@ var ChromeCom = (function ChromeComClosure() {
         });
         return;
       }
+      if (/^file?:/.test(file)) {
+        if (top !== window && !/^file:/i.test(location.ancestorOrigins[0])) {
+          PDFViewerApplication.error('Blocked ' + location.ancestorOrigins[0] +
+              ' from loading ' + file + '. Refused to load a local file in a ' +
+              ' non-local page for security reasons.');
+          return;
+        }
+      }
       PDFViewerApplication.open(file, 0);
     });
   };