W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2015

Re: Custom element lifecycle callbacks

From: Anne van Kesteren <annevk@annevk.nl>
Date: Fri, 9 Jan 2015 14:46:23 +0100
Message-ID: <CADnb78g7R2Y8BJGtLOJessJmHX8NG2uMefp-G1wRKC+4pd=wKg@mail.gmail.com>
To: Boris Zbarsky <bzbarsky@mit.edu>
Cc: WebApps WG <public-webapps@w3.org>
On Fri, Jan 9, 2015 at 2:29 PM, Boris Zbarsky <bzbarsky@mit.edu> wrote:
> On 1/9/15 7:14 AM, Anne van Kesteren wrote:
> OK.  So just to be clear, the type will be set before the input's cloning
> callback runs, yes?


>> It's a bit unclear to me why "When an input element's type attribute
>> changes state" does not sanitize this value
> When the type changes it sanitizes the value of the input.  Though I see
> nothing in the spec to indicate this; I filed
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=27791

As far as I can tell from the specification, when the value IDL
attribute is in the filename mode, any values that might be stored in
internal slots are ignored.

> Because if the cloning steps in HTML are left as-is but run after script can
> change the type, then you can create a file input with an arbitrary value
> filled in.  Which is a security concern.

As far as I can tell from the specification you cannot influence the
value returned by <input type=file>.value in any way.

Received on Friday, 9 January 2015 13:46:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:43 UTC