- From: Henrik Dvergsdal <henrik.dvergsdal@hibo.no>
- Date: Tue, 27 Mar 2007 14:54:38 +0200
- To: public-html@w3.org
> Not at all... If the form submits via GET, all I have to do is add > a parameter in the URL. > You *always* have to check for valid input on the server side, else > you make attacks > possible... OK, I guess you're right. What if we restrict it to the post method and the "multipart/form-data" Content type? -- Henrik
Received on Tuesday, 27 March 2007 12:55:21 UTC