[whatwg] Review of the 3.16 section and the HTMLInputElementinterface

Maciej Stachowiak wrote:
> 
> On May 14, 2008, at 9:55 AM, K?i?tof ?elechovski wrote:
>> I do not feel like having the file submission control styled and 
>> customized in any way; submitting a file poses a serious security and 
>> privacy risk so I would not like to see this control disguised as 
>> something else.  Just like an alert window title, it should have a 
>> consistent look for all applications.
> 
> The WebKit file input control would, I think, be safe to style because 
> it does not have a text field to type into, so no matter what it looks 
> like the user has to actively choose a file from the file open dialog 
> after clicking on it. The designs of most other browsers would be 
> vulnerable to disguising it as something else though, if the user can be 
> tricked into typing a file path.

Because of this Firefox 3 does not allow typing filenames. If you click 
the input field it always brings up the file picker.


/ Jonas

Received on Thursday, 15 May 2008 14:34:52 UTC