[whatwg] File Upload Control
ian at hixie.ch
Thu Aug 26 05:42:30 PDT 2004
On Wed, 18 Aug 2004, Lachlan Hunt wrote:
> Ian Hickson wrote:
> > File upload controls should never be stylable. If they were stylable, it
> > would be too easy to trick users into uploading private files, by making
> > them think they were normal text fields, for example.
> How exactly would it make it any easier for a user to be tricked into
> selecting and uploading a private file if there was no visible browse button?
> The user would just be forced to type the full path manually, rather than
> selecting it with a GUI, so they would still no they were selecting a file.
You'd be surprised how easy it is to trick users into typing things like
that. For example:
Q3. What is the path to a Linux system's password file?
(( Submit Quiz ))
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg