On 2002.05.20 05:26 Dave J Woolley wrote: > > > > My question to the w3 is why can't I allow the user to input the data > > all at once, identifying uploaded files by pathname, and have only the > > pathname make the round trip, and then submit the binary data for the > > > [DJW:] The browser must trust the pathname, otherwise > you have a "read any file" security problem. That's a very good answer. But <input type="file" value="foo"> has exactly the same problem. In fact, _that's_ where the problem is because that's how an upload has to be done. (If you didn't read my entire, humgous, e-mail I propose a way to deliver just a pathname to the server (<input type="pathname" name="pnam">. The server would send back a <input type="file" value="foo"> for the user to approve a final upload.) This wouldn't introduce a new flaw. It might make it more likely that the existing problem is exploited. This seems more a client implimentation issue. Clients could issue warnings when they receive a <input type="file" value="foo"> when "foo" is anything but "", or is a fully qualified pathname, or whatever, perhaps depending on the client's currrent working directory. Thanks. Karl <kop@meme.com>Received on Monday, 20 May 2002 10:20:31 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 6 April 2009 12:59:16 GMT