W3C home > Mailing lists > Public > www-forms@w3.org > September 2002

Re: upload and upload/filename

From: John Keiser <jkeiser@netscape.com>
Date: Thu, 26 Sep 2002 11:28:34 -0700
Message-ID: <3D9351D2.3090805@netscape.com>
To: Micah Dubinko <MDubinko@cardiff.com>
CC: "'Kurt George Gjerde'" <kurt.gjerde@intermedia.uib.no>, www-forms@w3.org


Micah Dubinko wrote:

>Hello,
>
>  
>
>>May the instance node referenced by upload contain initial data?
>>    
>>
>Yes.
>
>  
>
>>may the instance node referenced by upload/filename contain an initial
>>    
>>
>filename
>Yes. It is, however, *just* a filename. Nothing in the spec says to access
>the file or to put its contents into the instance data.
>  
>
A sane (security-wise) implementation would, in fact, never populate the 
file data using that filename.  It only writes to this field when the 
user changes the file.  JavaScript, additionally, can change instance 
data nodes (they are, after all, just XML elements) and it would be a 
real nono for upload inputs to take that data.

--John
Received on Thursday, 26 September 2002 14:29:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Saturday, 10 March 2012 06:21:52 GMT