- From: Karl O . Pinc <kop@meme.com>
- Date: Mon, 20 May 2002 09:25:15 -0500
- To: Dave J Woolley <david.woolley@bts.co.uk>
- Cc: www-html@w3.org

On 2002.05.20 05:26 Dave J Woolley wrote:
> >
> > My question to the w3 is why can't I allow the user to input the data
> > all at once, identifying uploaded files by pathname, and have only the
> > pathname make the round trip, and then submit the binary data for the
> >
> [DJW:] The browser must trust the pathname, otherwise
> you have a "read any file" security problem.

That's a very good answer. But <input type="file" value="foo"> has exactly the same problem. In fact, _that's_ where the problem is because that's how an upload has to be done.

(If you didn't read my entire, humongous, e-mail, I propose a way to deliver just a pathname to the server (<input type="pathname" name="pnam">). The server would send back a <input type="file" value="foo"> for the user to approve a final upload.)

This wouldn't introduce a new flaw. It might make it more likely that the existing problem is exploited. This seems more a client implementation issue. Clients could issue warnings when they receive a <input type="file" value="foo"> when "foo" is anything but "", or is a fully qualified pathname, or whatever, perhaps depending on the client's current working directory.

Thanks.

Karl <kop@meme.com>

Received on Monday, 20 May 2002 10:20:31 UTC
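
The client-side warning suggested in the message above, sketched as an added example (not part of the original e-mail and not any browser's code): it flags every <input type="file"> that arrives with a non-empty value and labels that value as a fully qualified or relative pathname. The class name, function name and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
import ntpath
import posixpath


class FileInputAuditor(HTMLParser):
    """Collects <input type="file"> elements whose value attribute is pre-filled."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        # HTMLParser lowercases attribute names; a bare attribute has value None.
        a = {k: (v or "") for k, v in attrs}
        if a.get("type", "").strip().lower() != "file":
            return
        value = a.get("value", "")
        if value == "":
            return  # empty value: nothing pre-selected, so no warning
        # Treat POSIX, drive-letter and UNC forms as fully qualified pathnames.
        absolute = posixpath.isabs(value) or ntpath.isabs(value)
        self.findings.append({
            "name": a.get("name", ""),
            "value": value,
            "kind": "absolute" if absolute else "relative",
        })


def audit_file_inputs(html):
    """Return one finding per file input that the server tried to pre-fill."""
    auditor = FileInputAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample of a server response; not taken from the thread.
SAMPLE = '''
<form method="post" enctype="multipart/form-data">
  <input type="file" name="photo">
  <input type="FILE" name="doc" value="report.txt">
  <input type="file" name="unix" value="/home/user/notes.txt" />
  <input type="file" name="win" value="C:\\Users\\user\\notes.txt">
  <input type="text" name="title" value="/not/a/file/input">
</form>
'''
```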