Re: XHTML/XForms limits "preview submission" idiom

On 2002.05.20 05:26 Dave J Woolley wrote:
> > My question to the w3 is why can't I allow the user to input the data
> > all at once, identifying uploaded files by pathname, and have only the
> > pathname make the round trip, and then submit the binary data for the
> >
> 	[DJW:]  The browser must trust the pathname, otherwise
> 	you have a "read any file" security problem.

That's a very good answer.  But <input type="file" value="foo">
has exactly the same problem.  In fact, _that's_ where the problem is
because that's how an upload has to be done.  (If you didn't read
my entire, humgous,  e-mail I propose a way to deliver just a pathname
to the server (<input type="pathname" name="pnam">.  The server would
send back a <input type="file" value="foo"> for the user to approve a
final upload.)

This wouldn't introduce a new flaw.  It might make it more likely that
the existing problem is exploited. This seems more a client implimentation
issue.  Clients could issue warnings when they receive a <input
type="file" value="foo"> when "foo" is anything but "", or is a fully
qualified pathname, or whatever, perhaps depending on the client's
currrent working directory.


Karl <>

Received on Monday, 20 May 2002 10:20:31 UTC