- From: Karl O . Pinc <kop@meme.com>
- Date: Mon, 20 May 2002 10:49:07 -0500
- To: Sebastian Schnitzenbaumer <schnitz@mozquito.com>
- Cc: www-forms@w3.org
On 2002.05.20 10:19 Sebastian Schnitzenbaumer wrote: > Karl, > > couple of things. The idea about sending the pathname of > the file upload entered at entry time to the server and then > again showing a thumbnail at review time is a bad one > because of security problems. You can't fetch a web page > that tries to access local data, ie. two different host domains. > > The only exception here is the file upload widget, because > the user agent (browser) can assume that this has been > done by the user himself explicitly. Yes, thanks. This has all just been pointed out to me by the www-html@w3.org folks. But the file upload widget does take a value from the server, at least AFAICT from the spec. All I want is a way for the client to give the server a value that can be passed back to the file upload widget; something I _can_ do now, but only if I also upload a file. You've already opted to make the exception, you've just set it up so that users with less bandwidth are penalized if they use it. Karl <kop@meme.com>
Received on Monday, 20 May 2002 11:41:50 UTC