W3C home > Mailing lists > Public > www-forms@w3.org > May 2002

Re: XHTML/XForms limits "preview submission" idiom

From: Karl O . Pinc <kop@meme.com>
Date: Mon, 20 May 2002 10:49:07 -0500
To: Sebastian Schnitzenbaumer <schnitz@mozquito.com>
Cc: www-forms@w3.org
Message-id: <20020520104907.S1759@mofo.meme.com>
On 2002.05.20 10:19 Sebastian Schnitzenbaumer wrote:
> Karl,
> 
> couple of things. The idea about sending the pathname of
> the file upload entered at entry time to the server and then
> again showing a thumbnail at review time is a bad one
> because of security problems. You can't fetch a web page
> that tries to access local data, ie. two different host domains.
> 
> The only exception here is the file upload widget, because
> the user agent (browser) can assume that this has been
> done by the user himself explicitly.

Yes, thanks.  This has all just been pointed out to me by
the www-html@w3.org folks.

But the file upload widget does take a value from the
server, at least AFAICT from the spec.  All I want is a way
for the client to give the server a value that can be
passed back to the file upload widget; something I _can_
do now, but only if I also upload a file.  You've already
opted to make the exception, you've just set it up so
that users with less bandwidth are penalized if they use it.

Karl <kop@meme.com>
Received on Monday, 20 May 2002 11:41:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 10 March 2012 06:21:51 GMT