- From: Manuel Strehl <svg@manuel-strehl.de>
- Date: Wed, 26 Feb 2014 09:39:34 +0100
- To: public-html@w3.org
Hi, a security question: should UAs guard against this? <input name="foo[0]" value="a"> <input name="foo[9999999999]" value="b"> sending a huge response containing mainly "null"s? It could provide a means of DDoS attacks via CSRF. Should the spec define a cut-off length, or should it be left to implementors? Manuel Am 25.2.2014 17:00, schrieb Robin Berjon: > Hi all, > > I've put together a small and simple extension specification proposal. > Essentially, it adds "application/json" as a potential enctype for > HTML forms so that submitting JSON directly from forms becomes > possible. > > Since just reproducing existing encodings in JSON syntax would bring > relatively little value to the table, the JSON encoding makes it > possible to generate structured JSON from forms based on simple > conventions for the name attribute. > > You can read it here: > > http://darobin.github.io/formic/specs/json/ > > If the group agrees, I'd like to see this taken up as a deliverable. > > Enjoy!
Received on Wednesday, 26 February 2014 08:39:58 UTC