[whatwg] File Upload Control

Ian Hickson ian at hixie.ch
Tue Nov 16 06:42:03 PST 2004


On Mon, 6 Sep 2004, Lachlan Hunt wrote:
>
> Ian Hickson wrote:
> > You'd be surprised how easy it is to trick users into typing things like
> > that. For example:
> > 
> >   Q3. What is the path to a Linux system's password file?
> >       [                       ]
> > 
> >   (( Submit Quiz ))
> 
> Do you mean just like these examples I just created?
> 
> http://lachy.id.au/dev/markup/examples/forms/file/

Indeed.


> I've have added comments about this security hole on bug 57770 in bugzilla.
> (comments 54 and 55)
> http://bugzilla.mozilla.org/show_bug.cgi?id=57770#c54

Thanks.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



More information about the whatwg mailing list