W3C home > Mailing lists > Public > public-webapi@w3.org > June 2006

Re: XHR suggestion: multipart/form-data formatting methods?

From: Subbu Allamaraju <subbu.allamaraju@gmail.com>
Date: Mon, 19 Jun 2006 14:57:35 -0600
Message-ID: <e3f21b1a0606191357h3c6df584s2e38dd0db1b80d42@mail.gmail.com>
To: public-webapi@w3.org
On 6/19/06, Alex Vincent <ajvincent@gmail.com> wrote:
> Currently, the XHR specification doesn't include the possibility of
> multipart/form-data methods - which can be useful for POST requests.
> Typically, the body of a HTTP request contains the data fields - but a
> largish field value could be problematic.
> Maybe a few additional methods might be handy.  Like a
> setBodyValue(name, value) method - or for file uploads,
> setBodyFile(name, contents, fileName).  Once these becomes used for a
> particular request, then, the send() method call must be with a null
> argument.

I don't think it is as simple as this. Firstly, these methods would be
request's content-type specific. Secondly, passing the method with the file
name like you suggest is a security risk. Just think about a script
uploading your cookies files using XHR when you visit a rogue site.


I'm not going to force this down anyone's throat, though.  It's just a
> suggestion.
> --
> "The first step in confirming there is a bug in someone else's work is
> confirming there are no bugs in your own."
> -- Alexander J. Vincent, June 30, 2001

Received on Tuesday, 20 June 2006 05:41:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:21 UTC