Re: XHR suggestion: multipart/form-data formatting methods?

On 6/19/06, Alex Vincent <ajvincent@gmail.com> wrote:
>
>
> Currently, the XHR specification doesn't include the possibility of
> multipart/form-data methods - which can be useful for POST requests.
> Typically, the body of a HTTP request contains the data fields - but a
> largish field value could be problematic.
>
> Maybe a few additional methods might be handy.  Like a
> setBodyValue(name, value) method - or for file uploads,
> setBodyFile(name, contents, fileName).  Once these becomes used for a
> particular request, then, the send() method call must be with a null
> argument.


I don't think it is as simple as this. Firstly, these methods would be
request's content-type specific. Secondly, passing the method with the file
name like you suggest is a security risk. Just think about a script
uploading your cookies files using XHR when you visit a rogue site.

Subbu

I'm not going to force this down anyone's throat, though.  It's just a
> suggestion.
>
> --
> "The first step in confirming there is a bug in someone else's work is
> confirming there are no bugs in your own."
> -- Alexander J. Vincent, June 30, 2001
>
>


-- 
------------------------------
http://www.subbu.org

Received on Tuesday, 20 June 2006 05:41:11 UTC