W3C home > Mailing lists > Public > public-html@w3.org > May 2008

Re: [whatwg] Review of the 3.16 section and the HTMLInputElementinterface

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 15 May 2008 14:34:52 -0700
Message-ID: <482CAC7C.2020407@sicking.cc>
To: Maciej Stachowiak <mjs@apple.com>
CC: Křištof Želechovski <giecrilj@stegny.2a.pl>, 'Samuel Santos' <samaxes@gmail.com>, 'WHATWG' <whatwg@whatwg.org>, 'HTMLWG' <public-html@w3.org>

Maciej Stachowiak wrote:
> 
> On May 14, 2008, at 9:55 AM, Křištof Želechovski wrote:
>> I do not feel like having the file submission control styled and 
>> customized in any way; submitting a file poses a serious security and 
>> privacy risk so I would not like to see this control disguised as 
>> something else.  Just like an alert window title, it should have a 
>> consistent look for all applications.
> 
> The WebKit file input control would, I think, be safe to style because 
> it does not have a text field to type into, so no matter what it looks 
> like the user has to actively choose a file from the file open dialog 
> after clicking on it. The designs of most other browsers would be 
> vulnerable to disguising it as something else though, if the user can be 
> tricked into typing a file path.

Because of this Firefox 3 does not allow typing filenames. If you click 
the input field it always brings up the file picker.


/ Jonas
Received on Thursday, 15 May 2008 21:39:14 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:31 UTC