- From: Robin Berjon <robin.berjon@expway.fr>
- Date: Fri, 22 Sep 2006 19:25:42 +0000
- To: Ian Hickson <ian@hixie.ch>
- Cc: public-webapi@w3.org
Hi Ian,
On Sep 22, 2006, at 17:15, Ian Hickson wrote:
> It seems like it would make it possible, through an attack like the
> famous
> fast clicking game, to cause a user to select a file (probably at
> random,
> but from the user's home directory, so likely a confidential file).
There are well-known workarounds for this, notably delayed activation
of the dialogue. This could be noted in the specification.
> I would feel much more comfortable if the FileList API was provided
> merely
> as an extension to the HTMLInputElement interface, thus requiring
> authors
> to use an <input type=file> control, and requiring users to click the
> Browse button before the dialog would appear.
The problem with this solution is that it then requires that the
environment supports <input type=file>, which isn't always the case.
--
Robin Berjon
Senior Research Scientist
Expway, http://expway.com/
Received on Friday, 22 September 2006 21:12:55 UTC