W3C home > Mailing lists > Public > whatwg@whatwg.org > August 2004

[whatwg] File Upload Control

From: Ian Hickson <ian@hixie.ch>
Date: Thu, 26 Aug 2004 12:42:30 +0000 (UTC)
Message-ID: <Pine.LNX.4.61.0408261241230.21191@dhalsim.dreamhost.com>
On Wed, 18 Aug 2004, Lachlan Hunt wrote:
>
> Ian Hickson wrote:
> > File upload controls should never be stylable. If they were stylable, it
> > would be too easy to trick users into uploading private files, by making
> > them think they were normal text fields, for example.
> 
> How exactly would it make it any easier for a user to be tricked into
> selecting and uploading a private file if there was no visible browse button?
> The user would just be forced to type the full path manually, rather than
> selecting it with a GUI, so they would still no they were selecting a file.

You'd be surprised how easy it is to trick users into typing things like 
that. For example:

  Q3. What is the path to a Linux system's password file?
      [                       ]

  (( Submit Quiz ))

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 26 August 2004 05:42:30 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:36 UTC