W3C home > Mailing lists > Public > whatwg@whatwg.org > May 2008

[whatwg] Review of the 3.16 section and the HTMLInputElementinterface

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 15 May 2008 14:34:52 -0700
Message-ID: <482CAC7C.2020407@sicking.cc>
Maciej Stachowiak wrote:
> On May 14, 2008, at 9:55 AM, K?i?tof ?elechovski wrote:
>> I do not feel like having the file submission control styled and 
>> customized in any way; submitting a file poses a serious security and 
>> privacy risk so I would not like to see this control disguised as 
>> something else.  Just like an alert window title, it should have a 
>> consistent look for all applications.
> The WebKit file input control would, I think, be safe to style because 
> it does not have a text field to type into, so no matter what it looks 
> like the user has to actively choose a file from the file open dialog 
> after clicking on it. The designs of most other browsers would be 
> vulnerable to disguising it as something else though, if the user can be 
> tricked into typing a file path.

Because of this Firefox 3 does not allow typing filenames. If you click 
the input field it always brings up the file picker.

/ Jonas
Received on Thursday, 15 May 2008 14:34:52 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:02 UTC