- From: Jonas Sicking <jonas@sicking.cc>
- Date: Thu, 15 May 2008 14:34:52 -0700
- To: Maciej Stachowiak <mjs@apple.com>
- CC: Křištof Želechovski <giecrilj@stegny.2a.pl>, 'Samuel Santos' <samaxes@gmail.com>, 'WHATWG' <whatwg@whatwg.org>, 'HTMLWG' <public-html@w3.org>
Maciej Stachowiak wrote: > > On May 14, 2008, at 9:55 AM, Křištof Želechovski wrote: >> I do not feel like having the file submission control styled and >> customized in any way; submitting a file poses a serious security and >> privacy risk so I would not like to see this control disguised as >> something else. Just like an alert window title, it should have a >> consistent look for all applications. > > The WebKit file input control would, I think, be safe to style because > it does not have a text field to type into, so no matter what it looks > like the user has to actively choose a file from the file open dialog > after clicking on it. The designs of most other browsers would be > vulnerable to disguising it as something else though, if the user can be > tricked into typing a file path. Because of this Firefox 3 does not allow typing filenames. If you click the input field it always brings up the file picker. / Jonas
Received on Thursday, 15 May 2008 21:39:14 UTC