[whatwg] File Upload Control

Ian Hickson ian at hixie.ch
Thu Aug 26 05:42:30 PDT 2004


On Wed, 18 Aug 2004, Lachlan Hunt wrote:
>
> Ian Hickson wrote:
> > File upload controls should never be stylable. If they were stylable, it
> > would be too easy to trick users into uploading private files, by making
> > them think they were normal text fields, for example.
> 
> How exactly would it make it any easier for a user to be tricked into
> selecting and uploading a private file if there was no visible browse button?
> The user would just be forced to type the full path manually, rather than
> selecting it with a GUI, so they would still know they were selecting a file.

You'd be surprised how easy it is to trick users into typing things like 
that. For example:

  Q3. What is the path to a Linux system's password file?
      [                       ]

  (( Submit Quiz ))

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'


