Hi Ian, On Sep 22, 2006, at 17:15, Ian Hickson wrote: > It seems like it would make it possible, through an attack like the > famous > fast clicking game, to cause a user to select a file (probably at > random, > but from the user's home directory, so likely a confidential file). There are well-known workarounds for this, notably delayed activation of the dialogue. This could be noted in the specification. > I would feel much more comfortable if the FileList API was provided > merely > as an extension to the HTMLInputElement interface, thus requiring > authors > to use an <input type=file> control, and requiring users to click the > Browse button before the dialog would appear. The problem with this solution is that it then requires that the environment supports <input type=file>, which isn't always the case. -- Robin Berjon Senior Research Scientist Expway, http://expway.com/Received on Friday, 22 September 2006 21:12:55 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT