
Re: File Selection with HTML

From: Joris Huizer <joris_huizer@yahoo.com>
Date: Mon, 28 Apr 2003 08:03:38 -0700 (PDT)
Message-ID: <20030428150338.16544.qmail@web20208.mail.yahoo.com>
To: "Meyer, Stephen" <smeyer01@harris.com>, "'www-html@w3.org'" <www-html@w3.org>

This is a safety problem. You could do
  <input type="file" value="C:\secrets.txt" style="display:none">

assuming a file in DOS or Windows on C:\secrets.txt -
and a lack of true safety precautions on this file, I
could upload your secrets.


Now I think this idea is ridiculous: this theory
assumes a web designer would know EXACTLY where a file
is - I think it's safe to say such a file must be a
system file. Even if you would know where passwords
are stored, you can't get through encryption (unless
we all are at great risk on the internet anyway)


--- "Meyer, Stephen" <smeyer01@harris.com> wrote:
> Hello,
>   I am having an issue with HTML file selection.  On my page if a
> value that the user selected is displayed in the file selection text
> field and then a submit button is selected the value disappears if
> the submit had an error.  The HTML page has text values and a file
> selection value that are validated upon submit.  If the validation
> fails the page returns with an error message.  All the text values
> remain but the value in the file selection text field is gone.  I can
> see it in the 'VALUE=' field if I view the source code but it does
> not display on the page.  Has anyone run across this issue before?
> It happens with IE 5.5 and Netscape 4.77.  Any help is appreciated.
>  
> Steve Meyer
> 


Received on Monday, 28 April 2003 11:03:39 GMT
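
The markup discussed in this thread, turned into a template audit (an added example, not part of the original messages): browsers ignore a preset value on a file input, which is the behaviour the quoted message runs into, so a template that emits one is worth flagging, especially when the input is also hidden. The function names and the sample form are constructed for illustration.

```javascript
// Added example: flag <input type="file"> tags that carry a preset value.
// Simplified tag scanner for auditing templates, not a full HTML parser.

// Parse one <input ...> start tag into a map of lowercase attribute names.
function parseAttributes(tagSource) {
  const attrs = Object.create(null);
  const attrPattern =
    /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  const body = tagSource.replace(/^<\s*input/i, "").replace(/\/?>$/, "");
  for (const m of body.matchAll(attrPattern)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return one finding per file input that has a non-empty value attribute.
function auditFileInputs(html) {
  const findings = [];
  const tagPattern = /<input\b(?:"[^"]*"|'[^']*'|[^>"'])*>/gi;
  for (const [tag] of html.matchAll(tagPattern)) {
    const attrs = parseAttributes(tag);
    if ((attrs.type || "").toLowerCase() !== "file") continue;
    if (!attrs.value) continue; // absent or empty: nothing preset
    const hidden = "hidden" in attrs ||
      /display\s*:\s*none|visibility\s*:\s*hidden/i.test(attrs.style || "");
    findings.push({ name: attrs.name || null, presetValue: attrs.value, hidden });
  }
  return findings;
}

// Constructed sample form (assumption): a normal file input, a template that
// echoes the old path back, and the hidden pre-filled input from the message.
const SAMPLE_HTML = String.raw`
<form method="post" enctype="multipart/form-data">
  <input type="text" name="title" value="Quarterly report">
  <input type="file" name="doc">
  <INPUT TYPE=FILE NAME=attachment VALUE="C:\docs\report.doc">
  <input type="file" value="C:\secrets.txt"
  style="display:none">
</form>`;

console.log(auditFileInputs(SAMPLE_HTML));
```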
