Re: upload and upload/filename from John Keiser on 2002-09-26 (www-forms@w3.org from September 2002)

From: John Keiser <jkeiser@netscape.com>
Date: Thu, 26 Sep 2002 11:28:34 -0700
To: Micah Dubinko <MDubinko@cardiff.com>
CC: "'Kurt George Gjerde'" <kurt.gjerde@intermedia.uib.no>, www-forms@w3.org
Message-ID: <3D9351D2.3090805@netscape.com>

Micah Dubinko wrote:

>Hello,
>
>  
>
>>May the instance node referenced by upload contain initial data?
>>    
>>
>Yes.
>
>  
>
>>may the instance node referenced by upload/filename contain an initial
>>    
>>
>filename
>Yes. It is, however, *just* a filename. Nothing in the spec says to access
>the file or to put its contents into the instance data.
>  
>
A sane (security-wise) implementation would, in fact, never populate the 
file data using that filename.  It only writes to this field when the 
user changes the file.  JavaScript, additionally, can change instance 
data nodes (they are, after all, just XML elements) and it would be a 
real nono for upload inputs to take that data.

--John

Received on Thursday, 26 September 2002 14:29:08 UTC