- From: Ian Hickson <ian@hixie.ch>
- Date: Thu, 26 Aug 2004 12:42:30 +0000 (UTC)
On Wed, 18 Aug 2004, Lachlan Hunt wrote:
>
> Ian Hickson wrote:
> > File upload controls should never be stylable. If they were stylable, it
> > would be too easy to trick users into uploading private files, by making
> > them think they were normal text fields, for example.
>
> How exactly would it make it any easier for a user to be tricked into
> selecting and uploading a private file if there was no visible browse button?
> The user would just be forced to type the full path manually, rather than
> selecting it with a GUI, so they would still no they were selecting a file.
You'd be surprised how easy it is to trick users into typing things like
that. For example:
Q3. What is the path to a Linux system's password file?
[ ]
(( Submit Quiz ))
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 26 August 2004 05:42:30 UTC