
Re: XHTML/XForms limits "preview submission" idiom

From: Karl O . Pinc <kop@meme.com>
Date: Mon, 20 May 2002 09:25:15 -0500
To: Dave J Woolley <david.woolley@bts.co.uk>
Cc: www-html@w3.org
Message-id: <20020520092515.M1759@mofo.meme.com>

On 2002.05.20 05:26 Dave J Woolley wrote:
> > My question to the w3 is why can't I allow the user to input the data
> > all at once, identifying uploaded files by pathname, and have only the
> > pathname make the round trip, and then submit the binary data for the
> >
> 	[DJW:]  The browser must trust the pathname, otherwise
> 	you have a "read any file" security problem.

That's a very good answer.  But <input type="file" value="foo">
has exactly the same problem.  In fact, _that's_ where the problem is
because that's how an upload has to be done.  (If you didn't read
my entire, humongous e-mail, I propose a way to deliver just a pathname
to the server (<input type="pathname" name="pnam">).  The server would
send back a <input type="file" value="foo"> for the user to approve a
final upload.)

This wouldn't introduce a new flaw.  It might make it more likely that
the existing problem is exploited. This seems more a client implementation
issue.  Clients could issue warnings when they receive a <input
type="file" value="foo"> when "foo" is anything but "", or is a fully
qualified pathname, or whatever, perhaps depending on the client's
current working directory.


Karl <kop@meme.com>
Received on Monday, 20 May 2002 10:20:31 UTC
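
The client-side check discussed in the message above, sketched as an added example (not part of the original e-mail and not any browser's code): it scans a server response for file inputs that arrive with a pre-filled value and grades each one as empty, relative, or fully qualified. The function names, verdict labels, the extra `..` traversal verdict and the sample response are assumptions constructed for illustration.

```javascript
// Added example: grade server-supplied <input type="file" value="..."> fields.
// All names and verdict labels here are hypothetical.

// Parse one <input ...> tag into a lower-cased attribute-name -> value map.
function parseAttributes(tag) {
  const attrs = {};
  const body = tag.replace(/^<input\b/i, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Grade a pre-filled pathname the way the message suggests a client might.
function classifyPath(value) {
  if (value === "") return "empty";                        // nothing pre-selected
  if (/^(?:\/|~|[A-Za-z]:[\\\/]|\\\\)/.test(value)) return "qualified";
  if (/(?:^|[\\\/])\.\.(?:[\\\/]|$)/.test(value)) return "traversal";
  return "relative";                                       // resolved against the cwd
}

// Return one finding per file input found in the server-delivered markup.
function auditFileInputs(html) {
  const tags = html.match(/<input\b(?:"[^"]*"|'[^']*'|[^>"'])*>/gi) || [];
  return tags
    .map(parseAttributes)
    .filter((a) => (a.type || "").toLowerCase() === "file")
    .map((a) => ({ name: a.name || "", value: a.value || "",
                   verdict: classifyPath(a.value || "") }));
}

// Constructed sample response; not taken from any real server.
const SAMPLE_RESPONSE = `
<form method="post" enctype="multipart/form-data">
  <input type="text" name="title" value="/home/user/private.txt">
  <input type="file" name="a">
  <input type="file" name="b" value="foo">
  <input type=FILE name=c value='/home/user/private.txt'>
  <input name="d" value="C:\\Users\\me\\private.txt" type="file">
  <input type="file" name="e" value="../../notes/private.txt">
</form>`;

for (const f of auditFileInputs(SAMPLE_RESPONSE)) {
  console.log(`${f.name}: ${f.verdict}${f.value ? ` (${f.value})` : ""}`);
}
```

A client applying this policy would accept only the `empty` verdict without prompting; current browsers go further and ignore a server-supplied `value` on file inputs altogether.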
