- From: Subbu Allamaraju <subbu.allamaraju@gmail.com>
- Date: Mon, 19 Jun 2006 14:57:35 -0600
- To: public-webapi@w3.org
- Message-ID: <e3f21b1a0606191357h3c6df584s2e38dd0db1b80d42@mail.gmail.com>
On 6/19/06, Alex Vincent <ajvincent@gmail.com> wrote: > > > Currently, the XHR specification doesn't include the possibility of > multipart/form-data methods - which can be useful for POST requests. > Typically, the body of a HTTP request contains the data fields - but a > largish field value could be problematic. > > Maybe a few additional methods might be handy. Like a > setBodyValue(name, value) method - or for file uploads, > setBodyFile(name, contents, fileName). Once these becomes used for a > particular request, then, the send() method call must be with a null > argument. I don't think it is as simple as this. Firstly, these methods would be request's content-type specific. Secondly, passing the method with the file name like you suggest is a security risk. Just think about a script uploading your cookies files using XHR when you visit a rogue site. Subbu I'm not going to force this down anyone's throat, though. It's just a > suggestion. > > -- > "The first step in confirming there is a bug in someone else's work is > confirming there are no bugs in your own." > -- Alexander J. Vincent, June 30, 2001 > > -- ------------------------------ http://www.subbu.org
Received on Tuesday, 20 June 2006 05:41:11 UTC