- From: Alex Henrie <alexhenrie24@gmail.com>
- Date: Tue, 24 Mar 2009 11:24:37 -0600
On Tue, Mar 24, 2009 at 10:34 AM, Anne van Kesteren <annevk at opera.com> wrote: >> Example: A site lets a user upload a file and write some comments >> associated with that file. On the browser side, a new input element is >> dynamically created with the name and id "Notes for >> C:\fakepath\upload.txt". On the server side, the server receives >> "upload.txt" and looks for "Notes for upload.txt" to match. It of >> course is not there because the programmer had no idea that the >> browser would be adding appending a fake path in JavaScript but not in >> HTTP. > > I don't see how this example could work. Anyway, relying on .value to just > return a filename is a bogus assumption anyway since lots of user agents out > there are not doing that. I mean, if the browser used "C:\fakepath\upload.txt" in both JavaScript and DOM then there would be no problem in this example. But mixing "C:\fakepath\upload.txt" and "upload.txt" creates additional complications. -Alex
Received on Tuesday, 24 March 2009 10:24:37 UTC