W3C home > Mailing lists > Public > public-webapi@w3.org > June 2006

Re: XHR suggestion: multipart/form-data formatting methods?

From: Subbu Allamaraju <subbu.allamaraju@gmail.com>
Date: Mon, 19 Jun 2006 14:57:35 -0600
Message-ID: <e3f21b1a0606191357h3c6df584s2e38dd0db1b80d42@mail.gmail.com>
To: public-webapi@w3.org
On 6/19/06, Alex Vincent <ajvincent@gmail.com> wrote:
>
>
> Currently, the XHR specification doesn't include the possibility of
> multipart/form-data methods - which can be useful for POST requests.
> Typically, the body of a HTTP request contains the data fields - but a
> largish field value could be problematic.
>
> Maybe a few additional methods might be handy.  Like a
> setBodyValue(name, value) method - or for file uploads,
> setBodyFile(name, contents, fileName).  Once these becomes used for a
> particular request, then, the send() method call must be with a null
> argument.


I don't think it is as simple as this. Firstly, these methods would be
request's content-type specific. Secondly, passing the method with the file
name like you suggest is a security risk. Just think about a script
uploading your cookies files using XHR when you visit a rogue site.

Subbu

I'm not going to force this down anyone's throat, though.  It's just a
> suggestion.
>
> --
> "The first step in confirming there is a bug in someone else's work is
> confirming there are no bugs in your own."
> -- Alexander J. Vincent, June 30, 2001
>
>


-- 
------------------------------
http://www.subbu.org
Received on Tuesday, 20 June 2006 05:41:11 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT