- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Sun, 08 Sep 2002 14:14:07 -0400
- To: Lachlan Cannon <luminosity@members.evolt.org>
- cc: www-style@w3.org
> > You don't really want to accidentally upload /etc/passwd, you know.
>
> But that's not really a styling matter, but a forms implementation
> manner. The forms which are being used, whether they be html, or xforms,
> or whatever shouldn't allow authors to specify default pages for picking
> files.
Who said anything about default values? The point is that if the file
upload does not look like a file upload it's a lot easier to trick the
user into typing in it, pasting into it, or dragging something to it.
Now I suppose that browser makers could disable all of these methods of
filename input and force all users to use the browse button.... but it's
a much smaller hassle for the _user_ to just have the file upload
control always look the same.
Boris
--
Conway's Law:
In any organization there will always be one person
who knows what is going on. This person must be fired.
Received on Sunday, 8 September 2002 20:34:40 UTC