W3C home > Mailing lists > Public > public-html@w3.org > May 2008

Re: [whatwg] Review of the 3.16 section and the HTMLInputElementinterface

From: Maciej Stachowiak <mjs@apple.com>
Date: Thu, 15 May 2008 01:34:06 -0700
Cc: 'Samuel Santos' <samaxes@gmail.com>, 'WHATWG' <whatwg@whatwg.org>, 'HTMLWG' <public-html@w3.org>
Message-Id: <755874A3-77DB-42C3-9558-DDF510ADC848@apple.com>
To: Křištof Želechovski <giecrilj@stegny.2a.pl>

On May 14, 2008, at 9:55 AM, Křištof Želechovski wrote:

> I do not feel like having the file submission control styled and  
> customized in any way; submitting a file poses a serious security  
> and privacy risk so I would not like to see this control disguised  
> as something else.  Just like an alert window title, it should have  
> a consistent look for all applications.

The WebKit file input control would, I think, be safe to style because  
it does not have a text field to type into, so no matter what it looks  
like the user has to actively choose a file from the file open dialog  
after clicking on it. The designs of most other browsers would be  
vulnerable to disguising it as something else though, if the user can  
be tricked into typing a file path.

Regards,
Maciej


> Chris
>
> -----Original Message-----
> From: whatwg-bounces@lists.whatwg.org [mailto:whatwg-bounces@lists.whatwg.org 
> ] On Behalf Of Samuel Santos
> Sent: Wednesday, May 14, 2008 6:38 PM
> To: WHATWG; HTMLWG
> Subject: Re: [whatwg] Review of the 3.16 section and the  
> HTMLInputElementinterface
>
> This issue seems to be a very recurring and still unsolved problem  
> when dealing with Web internationalization / multi-language Web Apps.
> I would like to suggest this to be reviewed with an editor comment  
> please.
>
> Additionally, it's important if we could decorate separately the  
> file path text field and the browse button using CSS.
>
> Best reagards,
> Samuel Santos
>
Received on Thursday, 15 May 2008 08:34:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:38:55 UTC