W3C home > Mailing lists > Public > public-webapi@w3.org > September 2006

Re: [File Upload] Security problems with File Upload

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 22 Sep 2006 19:36:00 +0000 (UTC)
To: Robin Berjon <robin.berjon@expway.fr>
Cc: public-webapi@w3.org
Message-ID: <Pine.LNX.4.62.0609221934150.13053@dhalsim.dreamhost.com>

On Fri, 22 Sep 2006, Robin Berjon wrote:
> > 
> > I would feel much more comfortable if the FileList API was provided 
> > merely as an extension to the HTMLInputElement interface, thus 
> > requiring authors to use an <input type=file> control, and requiring 
> > users to click the Browse button before the dialog would appear.
> 
> The problem with this solution is that it then requires that the 
> environment supports <input type=file>, which isn't always the case.

Hm. Could we split the spec into two parts, one for those environments 
without HTML, and one for those with? It would be good to keep the APIs 
for browsers to an absolute minimum, especially now with the ballooning 
number of new APIs that are being specified, and for HTML browsers I 
really think it would be much simpler (and safer) to stick this on the end 
of HTMLInputElement rather than have a whole new API.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Friday, 22 September 2006 19:36:09 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT