On 6/19/06, Alex Vincent <ajvincent@gmail.com> wrote: > > > Currently, the XHR specification doesn't include the possibility of > multipart/form-data methods - which can be useful for POST requests. > Typically, the body of a HTTP request contains the data fields - but a > largish field value could be problematic. > > Maybe a few additional methods might be handy. Like a > setBodyValue(name, value) method - or for file uploads, > setBodyFile(name, contents, fileName). Once these becomes used for a > particular request, then, the send() method call must be with a null > argument. I don't think it is as simple as this. Firstly, these methods would be request's content-type specific. Secondly, passing the method with the file name like you suggest is a security risk. Just think about a script uploading your cookies files using XHR when you visit a rogue site. Subbu I'm not going to force this down anyone's throat, though. It's just a > suggestion. > > -- > "The first step in confirming there is a bug in someone else's work is > confirming there are no bugs in your own." > -- Alexander J. Vincent, June 30, 2001 > > -- ------------------------------ http://www.subbu.orgReceived on Tuesday, 20 June 2006 05:41:11 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT