W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2004

[whatwg] File Upload Control

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 16 Nov 2004 14:42:03 +0000 (UTC)
Message-ID: <Pine.LNX.4.61.0411161441361.15500@dhalsim.dreamhost.com>
On Mon, 6 Sep 2004, Lachlan Hunt wrote:
>
> Ian Hickson wrote:
> > You'd be surprised how easy it is to trick users into typing things like
> > that. For example:
> > 
> >   Q3. What is the path to a Linux system's password file?
> >       [                       ]
> > 
> >   (( Submit Quiz ))
> 
> Do you mean just like these examples I just created?
> 
> http://lachy.id.au/dev/markup/examples/forms/file/

Indeed.


> I've have added comments about this security hole on bug 57770 in bugzilla.
> (comments 54 and 55)
> http://bugzilla.mozilla.org/show_bug.cgi?id=57770#c54

Thanks.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 16 November 2004 06:42:03 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:20 UTC