
RE: Upload control.

From: Klotz, Leigh <Leigh.Klotz@pahv.xerox.com>
Date: Thu, 24 Apr 2003 11:07:20 -0700
Message-ID: <51B8ABCE456FD111899900805F6FD6EE12EDFBED@mercury.ADOC.xerox.com>
To: "'Luca Zago'" <lzago@e-tree.com>, "'www-forms@w3.org'" <www-forms@w3.org>

There is a <filename> child element of <upload> whose binding points to a
location in the instance where the filename of the uploaded resource should
go, if one is available.
This data is equivalent to the filename parameter in multipart/form-data RFC
2387.  Note that the specification says that the filename is essentially
write-only; i.e., we don't want form authors with nefarious intent to have a
silent control that automatically uploads a secret file off a form user's
system without any user interaction.  

One concern about making the filename be specified as a default for the user
to examine and approve is the possibility that some rich clients might allow
scripted access that would permit an authored script to automatically click
on the upload control and accept the default.  Since the danger associated
with specifying that <filename> affects the initial file for <upload> is so
great in the general case, we say in the spec that it doesn't do it.

If you are writing your own XForms processor and you want to extend the
upload control so that you can specify the default filename, and you know
what filenames look like (i.e. is it "/home/klotz/foo.txt" or "AI:KLOTZ;FOO
TXT" or "\\virus\klotz\foo.txt" or "DSC0001.JPG"?) then you can simply read
the value from the filename binding site.  It won't be interoperable with
other implementations that don't provide the feature, but it will degrade
gracefully.  You are then responsible for the security issues in your own
implementation (which should come as no surprise).

Leigh.

-----Original Message-----
From: Luca Zago [mailto:lzago@e-tree.com] 
Sent: Thursday, April 24, 2003 1:31 AM
To: www-forms@w3.org
Subject: Re: Upload control.



Hi Rob,
you are right about that, but my issue is how in the same implementation
I can tell the processor that I want to browse a local or remote
filesystem. I need a sort of label or the explicit definition of the
root path, to distinguish it...


Rob Bull wrote:
> Luca,
> 
> As I understand it, the spec doesn't really care where the file that you are
> uploading is coming from, it is up to the implementation to allow you to
> browse files on remote machines.
> 
> Best Regards
> 
> Rob
> 
> ----- Original Message -----
> From: "Luca Zago" <lzago@e-tree.com>
> To: <www-forms@w3.org>
> Sent: Wednesday, April 23, 2003 6:51 PM
> Subject: Upload control.
> 
> 
> |
> | Hi,
> | I was thinking about possible scenarios in which it can be used.
> | For example if I should define to browse a different filesystem from
> | local in some occasion...where can I specify it in the control
> | definition if I want local browsing or remote browsing to be compliant
> | with the specs?
> | Could I extend it with some attributes?
> |
> | Thank you in advance for the suggestions.
> |
> |
> | --
> | Luca Zago
> | Senior IT Developer
> | _____________________________________________________
> |
> | E-TREE S.p.a.  Via Fonderia 43 - 31100 Treviso (Italy)
> | phone +39.0422.3107
> | fax   +39.0422.310888
> | http://www.e-tree.com          http://www.webanana.com
> | _____________________________________________________
> |
> |
> |
> 
> 

-- 
Luca Zago
Senior IT Developer
_____________________________________________________

E-TREE S.p.a.  Via Fonderia 43 - 31100 Treviso (Italy)
phone +39.0422.3107
fax   +39.0422.310888
http://www.e-tree.com          http://www.webanana.com
_____________________________________________________
Received on Thursday, 24 April 2003 14:07:25 GMT
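
Added example, not part of the original thread or of any XForms implementation: a reviewer-side check that flags forms whose author has pre-filled the node a `<filename>` child of `<upload>` is bound to, which is the case an extended processor would have to handle with explicit user confirmation. The sample form, the function names, and the restriction to simple relative refs (child steps with an optional final `@attr`, not full XPath) are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

XF = "{http://www.w3.org/2002/xforms}"

# Constructed sample form (not from the thread): the author has pre-filled the
# node that the first upload's <filename> child is bound to.
SAMPLE_FORM = """
<form xmlns:xf="http://www.w3.org/2002/xforms">
  <xf:model>
    <xf:instance>
      <mail xmlns="">
        <attachment filename="/home/klotz/foo.txt"/>
        <photo><name/></photo>
      </mail>
    </xf:instance>
  </xf:model>
  <xf:upload ref="attachment"><xf:filename ref="@filename"/></xf:upload>
  <xf:upload ref="photo"><xf:filename ref="name"/></xf:upload>
</form>
""".strip()

def select(node, ref):
    """Follow a simple relative ref (assumed subset: child steps, final @attr)."""
    for step in filter(None, (ref or "").split("/")):
        if node is None or isinstance(node, str):
            return None
        node = node.get(step[1:]) if step.startswith("@") else node.find(step)
    return node

def preseeded_filenames(form_xml):
    """Return (upload ref, filename ref, value) for each author-supplied filename."""
    doc = ET.fromstring(form_xml)
    root = doc.find(f".//{XF}instance")[0]  # default context: instance root element
    findings = []
    for upload in doc.iter(f"{XF}upload"):
        fname = upload.find(f"{XF}filename")
        if fname is None:
            continue
        # <filename> is evaluated relative to the node the upload is bound to.
        target = select(select(root, upload.get("ref")), fname.get("ref"))
        value = target if isinstance(target, str) else (getattr(target, "text", None) or "")
        if value.strip():
            findings.append((upload.get("ref"), fname.get("ref"), value.strip()))
    return findings
```
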
